[Xen-users] domU as router for dom0

[Marcus Carlson <marcus@xxxxxxxxxxx>]

Hey all!

I'm setting up a domU as a router/firewall for our company and ran in to 
a few problems which I hope is me doing wrong. :-)
First, I cannot find any good scripts of setting up multiple bridges 
under vlan. If i use the network-bridge in /etc/xen/scripts it complains 
and says I dont have an ip for the vlan. And I absolutly don't want 
that. Now I have to manually put each vlan into the right bridge. I 
cannot use /etc/networking/interfaces for vlans either beacause I have 
to set an ip (yes, I could use manual, but...) So how have you done 
this? I will be using alot of vlan (approx 10) and would like to have 
this in a sane way.
Second, (this may be debian specific) I have a problem with the rtc 
kernel module at the start of every domU. Is this a common error or just 
to my config?
And third, I have problem in getting the dom0 out on the net. dom0 has 
the gateway set to my domU and can ping the internet, no firewall accept 
SNAT, all policies to ALLOW). But when connecting to ftp or http (to 
apt-get update) I'm not getting there all the way, it looks like it get 
a connection but nothing is coming back to me. Other servers in the same 
net and the same gateway have no problem. What could I have done wrong? 
Has anyone else set it up this way?
Another little question; is it not possible to have more than one 
interface to the same domU in the same bridge? (Now I use eth1:1 but 
would like a seperate interface for this).
Various info:
dom0: Debian/unstable with all xen stuff from packages
libc6-xen                       2.3.6-7                    GNU C 
Library: Shared libraries [Xen version
linux-image-2.6-xen-686         2.6.16-12                  Linux kernel 
2.6 image on PPro/Celeron/PII/P
linux-image-2.6.16-1-xen-686    2.6.16-12                  Linux kernel 
2.6.16 image on PPro/Celeron/PI
linux-modules-2.6.16-1-xen-686  2.6.16-12                  Linux kernel 
modules 2.6.16 image on PPro/Ce
xen-hypervisor-3.0-i386         3.0.2+hg9681-1             The Xen 
Hypervisor for i386
xen-utils-3.0                   3.0.2+hg9681-1             XEN 
administrative tools
domU: Debian/unstable same kernel as dom0.

Output of telnetting a http server:
vm01:~# telnet ftp.sunet.se 80
Trying 194.71.11.70...
Connected to ftp.sunet.se.
Escape character is '^]'.
GET / 1.1

Normally you'd get a lot of HTML after hitting enter but here, no. But 
still it has set up a connection.
Sorry if my english is wrong, I'm not a native speaker.

Regards Marcus


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users