WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Xen a couple of questions

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen a couple of questions
From: Geert Janssens <info@xxxxxxxxxxxx>
Date: Tue, 5 Jun 2007 11:04:16 +0200
Delivery-date: Tue, 05 Jun 2007 02:02:35 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <55115.195.212.29.163.1181032443.squirrel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Kobalt W.I.T.
References: <55115.195.212.29.163.1181032443.squirrel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.4
1. On CentOS 5, Redhat Enterprise 5 and Fedora core 6 and up, the xen kernel 
can be used for both dom0 and domU. There is no need anymore for two kernels.

2. I don't know the complete answer to your second question. From your 
ifconfig output, it looks as if Fedora Core 7 creates a virbr0 interface 
instead of a xenbr0 interface. You could check if this is really a bridge 
with the command "brctl show". You probably have to execute this as root.

Then if I understand your question correctly, you are trying to setup a xen 
guest domain to act as a firewall/router/gateway/whatever for your lan.

So I assume you only want this guest domain to use the external network card 
(your eth0). There are two ways of accomplishing this:
* either use PCI passthrough so that your dom0 won't see eth0, but instead 
it's passed to your guest system (search for pciback on Google for more 
info). Unfortunatly, I didn't manage to set this up in my particular case, so 
I used the seconde option:
* create two xenbridges, one for your external network interface, and one for 
your internal network interface. Then configure dom0 such that it isn't 
allowed to use the bridge for the external interface. You can do this by 
either disabling the virtual interface in dom0 (which will be called eth0) or 
by setting some firewall rules in dom0, or both.
You can search this list for one of my earlier mails, where I explain my 
configuration (on CentOS 5). It's titled "advanced bridging..." and dated May 
16th, 2007.

Hopefully this will help you along the way.

Cheers,

Geert

On Tuesday 5 June 2007 10:34, Octavian Teodorescu wrote:
> Hi guys,
>
> 1. Regarding Centos and Fedora core 7 compared with fedora core 5. I've
> seen that on fedora core 5 when you want to install xen you have to
> install the following packages: xen, kernel-xen0 and kernel-xenU (of
> course with the dependencies needed). But on Centos, FC7 and I think
> redhat versions, you only have to install xen and kernel-xen, you don't
> have any kernel for the guest system. In my case I could only start a xen
> guest (on FC7) with an older kernel-xenU installed from FC version 5.
>
> My question is: Why does the newer releases of linux has xen kernel
> prebuilt but just for dom0, not for the guest systems, and you can't even
> find a domU kernel special for those systems?
>
> 2.My network topology in my home is like this:
> --------
> -router-
> --------
>
>
>
> -----------         ------------
> -linux xen-   ----  -other 2 pc-
> -----------         ------------
>
> The linux xen machine has two network interfaces and xen installed.
> I want: -  one windows machine virtualized
>         -  one linux machine for which I want to have a public ipaddress
> (to put the ip in DMS on the router) and I want it to use eth0 (so
> in this case the traffic can not be sniffed by other guest systems
> or dom0).
>
> ifconfig -a (on dom0) it shows like this:
> eth0      Link encap:Ethernet  HWaddr 00:00:E8:76:E2:4D
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Interrupt:21 Base address:0x2000
>
> eth1      Link encap:Ethernet  HWaddr 00:16:76:B3:16:AB
>           inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
>           inet6 addr: fe80::216:76ff:feb3:16ab/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:198578 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:117290 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:267328989 (254.9 MiB)  TX bytes:8294632 (7.9 MiB)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:2689 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2689 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:12510296 (11.9 MiB)  TX bytes:12510296 (11.9 MiB)
>
> peth1     Link encap:Ethernet  HWaddr 00:16:76:B3:16:AB
>           inet6 addr: fe80::216:76ff:feb3:16ab/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:198588 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:117311 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:270906777 (258.3 MiB)  TX bytes:8813848 (8.4 MiB)
>           Base address:0x40c0 Memory:92200000-92220000
>
> vif4.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:9 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1 errors:0 dropped:6 overruns:0 carrier:0
>           collisions:0 txqueuelen:1
>           RX bytes:1068 (1.0 KiB)  TX bytes:342 (342.0 b)
>
> virbr0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           inet addr:192.168.122.1  Bcast:192.168.122.255 
> Mask:255.255.255.0 inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:43 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:3208 (3.1 KiB)  TX bytes:2018 (1.9 KiB)
>
> I don't see any xen bridge, because that's what I think I need: one
> network card, and one xen bridge.
> I found on google that I could use the following script:
> #!/bin/sh
> dir=$(dirname "$0")
> "$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=xenbr0
> "$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=xenbr1
> "$dir/network-bridge" "$@" vifnum=2 netdev=eth2 bridge=xenbr2
> And then set it into xen-config.sxp:
> network-script matrix-network
> But it gives errors that network-script has only start, stop and status.
> The only thing that it succeds is that I can see a xen bridge. If this
> would work, doesn't this affects other guest domains also?
>
> My question is: How can I set a guest dom to use directly a network card
> with other ip class ?
>
> Best regards,
> Octav
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

-- 
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen

Tel  : +32 479 339 655
Email: info@xxxxxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users