WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] Re: masquerading and apt-get problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Re: masquerading and apt-get problem
From: Jonathan Dill <jonathan@xxxxxxxxx>
Date: Wed, 01 Nov 2006 11:13:12 -0500

Sorry I wasn't paying attention to this thread, but am about to try it myself and think I might know what is the problem if you haven't fixed it yet...

try replacing eth0 with 'xenintbr', shouldn't need forwarding enabled
though? Is this a situation where you have eth0 configured non-bridged,
and forwarding to a dummy bridge which in turn is feeding the guest?

If so .. is there a special need or reason for that particular setup?

Maybe he doesn't want to assign "real" IPs on the LAN? Unfortunately, in some places, there could be political or practical restrictions that would make it inconvenient to get additional real IPs. Anyway, I am about to try a similar set up myself for testing.

On Sun, 2006-10-22 at 16:15 +0200, Andreas Heinecke wrote:
> Hi,
>
> I've a problem with the network access in a domU. I installed xen 3.0.2
> on a dedicated root-server and configured an unprivileged domain. To make
> the network work on this domU I created a bridge "xenintbr" with the IP:
> 192.168.1.1.
> Enabled ip_forwarding and told iptables to masquerade with the command:
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> Now I'm able to ping around the world in my domU (google.de etc.). This
> tells me, that it works. But when I enter the command:
> apt-get update
> it tells me that it's waiting for headers and nothing more.
> It seems that I can ping but I'm not able to do other things.
>
> Any suggestions?
> I ran out of ideas, please help me.
>
> kind regards,
>
> Andreas

I think you might be running into a problem with NAT, proxy settings, and/or HTTP pipelining in apt; I have had similar problems with the behavior triggering IPS on SonicWALL and getting blocked. Try this:

Comment out proxy line if it exists in /etc/apt/apt.conf
// Acquire::http::Proxy "false";

Create a file /etc/apt/apt.conf.d/80http containing:
// /etc/apt/apt.conf.d/80http
Acquire::http::Pipeline-Depth "0";

Alternatively, set up an http proxy on the LAN that can get to the apt repositories and configure the domU's to use the proxy--if you have multiple domU's using the same OS version, this will have the side benefit of cutting down on WAN traffic to download updates.

apt-proxy looks nice since it stores cached files in a format where you can also access the real files on the filesystem. However, I couldn't get apt-proxy working, so I ended up using squid, but there is no easy direct way to access files that are cached by squid.

http://apt-proxy.sourceforge.net/

Jonathan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
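
The two apt changes suggested in the message above, scripted so they can be applied repeatably to several domUs. This is an added example, not part of the original post; the function names and the scratch-root argument are assumptions made here so the steps can be tried on a copy of /etc before touching a live guest.

```shell
#!/bin/sh
# Added example: applies the two apt.conf changes from the message above.
# apply_apt_workaround, active_proxy_lines and the ROOT argument are
# hypothetical names; ROOT="" means the live system, any other value
# is treated as a scratch directory holding an etc/apt tree.
apply_apt_workaround() {
    root="${1:-}"
    conf="$root/etc/apt/apt.conf"
    dropin="$root/etc/apt/apt.conf.d/80http"

    # Step 1: comment out an active one-line proxy setting, if present.
    # Lines that already start with // do not match, so reruns are safe.
    # Nested "Acquire { http { Proxy ...; } }" blocks are not handled.
    if [ -f "$conf" ]; then
        tmp="$conf.tmp.$$"
        sed 's|^\([[:space:]]*\)\(Acquire::http::Proxy\)|\1// \2|' \
            "$conf" > "$tmp" || return 1
        # cat instead of mv keeps the original owner and mode.
        cat "$tmp" > "$conf" && rm -f "$tmp"
    fi

    # Step 2: drop-in file that turns off HTTP pipelining.
    mkdir -p "$root/etc/apt/apt.conf.d" || return 1
    printf '%s\n' '// /etc/apt/apt.conf.d/80http' \
        'Acquire::http::Pipeline-Depth "0";' > "$dropin"
}

# Print how many proxy lines are still active (not commented out).
active_proxy_lines() {
    grep -c '^[[:space:]]*Acquire::http::Proxy' \
        "${1:-}/etc/apt/apt.conf" 2>/dev/null || true
}

# Constructed sample input: a scratch root with one proxy line set.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/apt"
    printf '%s\n' 'Acquire::http::Proxy "http://proxy.example:3128";' \
        'APT::Default-Release "stable";' > "$d/etc/apt/apt.conf"
    apply_apt_workaround "$d" && apply_apt_workaround "$d"  # run twice
    cat "$d/etc/apt/apt.conf" "$d/etc/apt/apt.conf.d/80http"
    rm -rf "$d"
}
```

Calling `demo` prints the rewritten apt.conf and the new drop-in; inside a domU the call would be `apply_apt_workaround` with no argument, run as root.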
