xen-users

[Xen-users] Bridging + NAT

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Bridging + NAT
From: Laurent Pointal <laurent.pointal@xxxxxxxx>
Date: Thu, 09 Feb 2006 15:24:32 +0100
[best viewed with fixed-width font]

Hello,

I'm installing my first Xen on a server.

Using online docs, wiki, reading this list... I installed a Debian sarge
+ Xen3, and finally have dom0 and one domU (minimal - a dbootstrap) running.

My laboratory has a public 129.175.252.0/21 net (call it N1), and for
domU I use a private 192.168.21.0 net (call it N2). Administrators of N1
have set up routing + gateway, and N1 <=> N2 pinging works in both
directions.

Now, for domU installation and management, I need Internet access
(dbootstrap is really minimal). As I use private network N2, I'm trying
to set up a second interface eth1 on domU, with corresponding NAT on
dom0, used for external Internet access.


<== domU ==><================ dom0 =======================>
  (melodie)                 (psaume)


 eth0--------->vif1.0-----+      peth0
                          |        |
                          +----psbridge--------------eth0
                                   |                   |
                                 vif0.0                |
                                                       |
                                                       |
 eth1--------->vif1.1--------------(NAT)---------------+


[ For my understanding, what are peth0 / vif0.0 used for, and what
pseudo-interface is connected to dom0 eth0? ]


Now, it seems I have routing problems or Xen understanding problems...


Here are my configuration files/tables and final result:

On dom0 (psaume)
================
psaume:~# cat /etc/xen/xend-config.sxp
                  ------------------------
    ...
    (network-script 'network-bridge bridge=psbridge netdev=eth0')
    (vif-script vif-bridge)
    ...

psaume:~# cat /etc/xen/melodie.cfg
              --------------------
    name="melodie"
    memory=256
    kernel="/boot/xen-linux-2.6.12.6-xen-domu"
    vif = ['mac=AA:00:00:00:44:01, script=vif-bridge, bridge=psbridge',
           'mac=AA:00:00:00:44:02, script=vif-nat']
    hostname = 'melodie'
    disk=['phy:stockagevg/meloswap,sda1,w',
          'phy:stockagevg/melosys,sda2,w',
          'phy:stockagevg/melodata,sda3,w']
    root="/dev/sda2 ro"



psaume:~# cat /proc/sys/net/ipv4/ip_forward
          ---------------------------------
1


psaume:~# ifconfig
          --------
eth0      Lien encap:Ethernet  HWaddr 00:13:D3:32:77:D4
          inet adr:129.175.157.73  Bcast:129.175.159.255        
                                        Masque:255.255.248.0
          adr inet6: fe80::213:d3ff:fe32:77d4/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41984 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1507 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:3874972 (3.6 MiB)  TX bytes:172931 (168.8 KiB)

lo  [removed in post]

peth0     Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:42209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1567 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          RX bytes:4418794 (4.2 MiB)  TX bytes:188320 (183.9 KiB)
          Adresse de base:0x3000 Mémoire:d0120000-d0140000

psbridge  Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::200:ff:fe00:0/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39945 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:3133556 (2.9 MiB)  TX bytes:378 (378.0 b)

vif0.0    Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1507 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:172931 (168.8 KiB)  TX bytes:3875062 (3.6 MiB)

vif1.0    Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26330 errors:0 dropped:1701 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:3646 (3.5 KiB)  TX bytes:2397969 (2.2 MiB)

vif1.1    Lien encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet adr:10.0.1.129  Bcast:0.0.0.0  Masque:255.255.255.255
          adr inet6: fe80::fcff:ffff:feff:ffff/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:666 (666.0 b)  TX bytes:0 (0.0 b)


[note Xen NAT script has given 10.0.1.129 address to vif1.1]


psaume:~# iptables -L
          -----------
    Chain INPUT (policy ACCEPT)
    target  prot opt source      destination

    Chain FORWARD (policy ACCEPT)
    target  prot opt source      destination
    ACCEPT  all  --  anywhere    anywhere     PHYSDEV match --physdev-in vif1.0
    ACCEPT  all  --  10.0.0.0/16 anywhere     PHYSDEV match --physdev-in vif1.1
    ACCEPT  udp  --  anywhere    anywhere     PHYSDEV match --physdev-in vif1.1 udp spt:bootpc dpt:bootps

    Chain OUTPUT (policy ACCEPT)
    target  prot opt source      destination

[there seem to be rules for vif1.1, is this NAT?]



On domU (melodie)
=================

melodie:~# cat /etc/network/interfaces
           ---------------------------
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
            address 192.168.21.10
            netmask 255.255.255.0
            network 192.168.21.0
            gateway 192.168.21.254
            dns-search limsi.fr
            dns-nameservers 129.175.152.136 129.175.152.129

    auto eth1
    iface eth1 inet static
            address 192.168.21.11
            netmask 255.255.255.0
            network 192.168.21.0

    up route add -host 192.168.21.254 eth0
    up route add -net 129.175.152.0 netmask 255.255.248.0 eth0

[ the two up routes make N1 accessible from domU ]

melodie:~# ifconfig
           --------
eth0      Link encap:Ethernet  HWaddr AA:00:00:00:44:01
          inet addr:192.168.21.10  Bcast:192.168.21.255
                                        Mask:255.255.255.0
          inet6 addr: fe80::a800:ff:fe00:4401/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:29896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2758293 (2.6 MiB)  TX bytes:3774 (3.6 KiB)

eth1      Link encap:Ethernet  HWaddr AA:00:00:00:44:02
          inet addr:192.168.21.11  Bcast:192.168.21.255
                                        Mask:255.255.255.0
          inet6 addr: fe80::a800:ff:fe00:4402/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:794 (794.0 b)

lo    [removed for post]


melodie:~# route -n
           --------
Kernel IP routing table
Destination     Gateway  Genmask         Flags Metric Ref    Use Iface
192.168.21.254  0.0.0.0  255.255.255.255 UH    0      0        0 eth0
192.168.21.0    0.0.0.0  255.255.255.0   U     0      0        0 eth0
192.168.21.0    0.0.0.0  255.255.255.0   U     0      0        0 eth1
129.175.152.0   0.0.0.0  255.255.248.0   U     0      0        0 eth0
0.0.0.0         192.168.21.254  0.0.0.0  UG    0      0        0 eth0


[ Now, I setup a route to the default laboratory gateway. ]

melodie:~# route add  129.175.152.252 eth1

[ And make this gateway the default route for unknown ones. ]

melodie:~# route add default gw  129.175.152.252

[ Nice, but it still fails (this works under dom0, with same target). ]

melodie:~# apt-get update
Err ftp://debian.ens-cachan.fr stable/main Packages
  Could not connect to debian.ens-cachan.fr:21 (138.231.176.11). - connect (113 No route to host)



What am I missing (note pinging N1<==>N2 still works)?


Thanks a lot.

Laurent.


-- 
Laurent POINTAL
CNRS-LIMSI dépt. CHM, groupes AMI et PS
Courriel: laurent.pointal@xxxxxxxx    (prof)
          laurent.pointal@xxxxxxxxxxx (perso)
Ouebe: http://www.limsi.fr/Individu/pointal/
Tél. 01 69 85 81 06 (prof)
Fax. 01 69 85 80 88
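
An added example, not part of the original post: a small Python check over the `route -n` table and the addresses quoted above. It reports connected subnets that appear on more than one interface, resolves a destination by longest-prefix match, and tests whether an address lies inside the 10.0.0.0/16 source range shown in the dom0 FORWARD rule for vif1.1. The function names are illustrative, and letting the earlier table entry win a tie is a simplification made by this sketch.

```python
import ipaddress

# Copied from the domU `route -n` output in the post (before the extra routes).
ROUTE_N = """\
192.168.21.254  0.0.0.0  255.255.255.255 UH    0      0        0 eth0
192.168.21.0    0.0.0.0  255.255.255.0   U     0      0        0 eth0
192.168.21.0    0.0.0.0  255.255.255.0   U     0      0        0 eth1
129.175.152.0   0.0.0.0  255.255.248.0   U     0      0        0 eth0
0.0.0.0         192.168.21.254  0.0.0.0  UG    0      0        0 eth0
"""
# Source range of the vif1.1 rule in the dom0 `iptables -L` output.
RULE_SOURCE = ipaddress.ip_network("10.0.0.0/16")
ETH1_ADDR = "192.168.21.11"    # domU eth1, from the post
VIF11_ADDR = "10.0.1.129"      # dom0 vif1.1, from the post

def parse_routes(text):
    """Return (network, gateway, iface) tuples in table order."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip headers or blank lines
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; assumption: the earlier entry wins a tie."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def shared_subnets(routes):
    """Connected (no gateway) networks listed on more than one interface."""
    seen = {}
    for net, gw, iface in routes:
        if gw == "0.0.0.0" and net.prefixlen < 32:
            seen.setdefault(str(net), []).append(iface)
    return {n: i for n, i in seen.items() if len(set(i)) > 1}

def in_rule_range(addr):
    """True if addr would match the rule's 10.0.0.0/16 source."""
    return ipaddress.ip_address(addr) in RULE_SOURCE

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    print("shared subnets:", shared_subnets(routes))
    print("138.231.176.11 ->", lookup(routes, "138.231.176.11"))
    for a in (ETH1_ADDR, VIF11_ADDR):
        print(a, "in", RULE_SOURCE, "?", in_rule_range(a))
```

On the posted data, 192.168.21.0/24 is connected on both eth0 and eth1, and the domU eth1 address lies outside 10.0.0.0/16 while the dom0 vif1.1 address lies inside it.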


