|
|
|
|
|
|
|
|
|
|
xen-users
[Xen-users] Re: masquerading and apt-get problem
Sorry I wasn't paying attention to this thread, but am about to try it
myself and think I might know what is the problem if you haven't fixed
it yet...
try replacing eth0 with 'xenintbr', shouldn't need forwarding enabled
though? Is this a situation where you have eth0 configured non-bridged,
and forwarding to a dummy bridge which in turn is feeding the guest?
If so .. is there a special need or reason for that particular setup?
Maybe he doesn't want to assign "real" IPs on the LAN? Unfortunately,
in some places, there could be political or practical restrictions that
would make it inconvenient to get additional real IPs. Anyway, I am
about to try a similar set up myself for testing.
On Sun, 2006-10-22 at 16:15 +0200, Andreas Heinecke wrote:
>/ Hi,/
>/ /
>/ I've a problem with the network access in a domU. I installed xen 3.0.2/
>/ on a dedicated root-server and configured a unprivileged domain. To make/
>/ the network work on this domU I created a bridge "xenintbr" with the IP:/
>/ 192.168.1.1./
>/ Enabled ip_forwarding and told iptables to masquerade with the command:/
>/ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE/
>/ /
>/ Now I#m able to ping around the world in my domU (google.de etc.). This/
>/ tells me, that it works. But if I when enter the command:/
>/ apt-get update/
>/ it tells me that it's waiting for headers and nothing more./
>/ It seems that I can ping but I'm not able to do other things./
>/ /
>/ Any suggestions?/
>/ I ran put of ideas, please help me./
>/ /
>/ kind regards,/
>/ /
>/ Andreas/
I think you might be running into a problem with NAT, proxy settings,
and/or HTTP pipelining in apt, I have had similar problems with the
behavior triggering IPS on SonicWALL and getting blocked. Try this:
Comment out proxy line if it exists in /etc/apt/apt.conf
// Acquire::http::Proxy "false";
Create a file /etc/apt/apt.conf.d/80http containing:
// /etc/apt/apt.conf.d/80http
Acquire::http::Pipeline-Depth "0";
Alternatively, set up an http proxy on the LAN that can get to the apt
repositories and configure the domU's to use the proxy--if you have
multiple domU's using the same OS version, this will have the side
benefit of cutting down on WAN traffic to download updates.
apt-proxy looks nice since it stores cached files in a format where you
can also access the real files on the filesystem. However, I couldn't
get apt-proxy working, so I ended up using squid, but there is no easy
direct way to access files that are cached by squid.
http://apt-proxy.sourceforge.net/
Jonathan
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-users] Re: masquerading and apt-get problem,
Jonathan Dill <=
|
|
|
|
|