Hello,
please grab a coffee (or a beer) and read this, I'm having trouble here...
I'm using the following system:
Debian etch 4.0-r3
xen-hypervisor-3.2-1-i386 (the same happens with 3.0)
linux-image-2.6.18-6-xen-vserver-686
Dom0 is a machine with two network interfaces:
eth0 connected to Internet
eth1 connected to local network
On this system I run DNS and DHCP for the local network and I've set up
NAT for Internet access. A simplified set of iptables rules is shown:
### iptables -L ###
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
### iptables -t nat -L ###
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT 0 -- 192.168.0.0/24 anywhere to:192.168.1.254
SNAT 0 -- 10.0.0.0/16 anywhere to:192.168.1.254
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I would like to use my Dom0 as the firewall for the local network and
the DomUs, and to access the DomU machines from the local network.
I've setup this xend-config.sxp:
(network-script network-dummy)
(network-script 'network-nat netdev=eth1')
(vif-script 'vif-nat dhcp=yes')
(dom0-min-mem 512)
(dom0-cpus 0)
(vnc-listen '0.0.0.0')
## DomU xen-etch.cfg from an example:
kernel = '/boot/vmlinuz-2.6.18-6-xen-vserver-686'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-vserver-686'
memory = '512'
root = '/dev/sda1 ro'
disk = [ 'file:/home/xen/domains/xen-etch/disk.img,sda1,w', 'file:/home/xen/domains/xen-etch/swap.img,sda2,w' ]
name = 'xen-etch'
dhcp = 'dhcp'
vif = [ '' ]
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
## DomU win.cfg from an example:
kernel = '/usr/lib/xen-3.2-1/boot/hvmloader'
builder = 'hvm'
memory = '512'
device_model='/usr/lib/xen-3.2-1/bin/qemu-dm'
disk = [ 'file:/root/win_vm.img,ioemu:hda,w', 'file:/root/WINXP.iso,ioemu:hdc:cdrom,r' ]
name = 'win01'
vif = ['type=ioemu, vifname=wif_win']
dhcp = 'dhcp'
usbdevice="tablet"
boot='d'
vnc=1
vncviewer=1
vncunused=0
sdl=0
I've commented out qemu-ifup because of NAT:
#ifconfig $1 0.0.0.0 up
#brctl addif $2 $1
After the DomUs have started, this is what iptables -L shows:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
ACCEPT 0 -- 10.0.0.0/16 anywhere PHYSDEV match --physdev-in vif8.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif8.0 udp spt:bootpc dpt:bootps
ACCEPT 0 -- 10.0.0.0/16 anywhere PHYSDEV match --physdev-in wif_win
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in wif_win udp spt:bootpc dpt:bootps
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
My iptables -t nat -L is the same as before.
Finally this is my ifconfig:
eth0 Link encap:Ethernet HWaddr 00:1D:92:3D:XX:XX
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21d:92ff:fe3d:c74b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1484885 errors:0 dropped:0 overruns:0 frame:0
TX packets:2058483 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:412365010 (393.2 MiB) TX bytes:1104053767 (1.0 GiB)
Interrupt:17 Base address:0x6000
eth1 Link encap:Ethernet HWaddr 00:0D:88:CD:XX:XX
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20d:88ff:fecd:6634/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2033285 errors:0 dropped:0 overruns:0 frame:0
TX packets:1459103 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1098654659 (1.0 GiB) TX bytes:412892888 (393.7 MiB)
Interrupt:16 Base address:0xec00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9321 errors:0 dropped:0 overruns:0 frame:0
TX packets:9321 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1387261 (1.3 MiB) TX bytes:1387261 (1.3 MiB)
vif8.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet addr:10.0.8.128 Bcast:0.0.0.0 Mask:255.255.255.255
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:44 errors:0 dropped:0 overruns:0 frame:0
TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8384 (8.1 KiB) TX bytes:3200 (3.1 KiB)
wif_win Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet addr:10.0.9.128 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
# ROUTE output:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.10.1 0.0.0.0 255.255.255.255 UH 0 0 0 wif_win
10.0.8.1 0.0.0.0 255.255.255.255 UH 0 0 0 vif8.0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
NOW, my DomU etch is working well: I can access the Internet and the machines on
the local network without problems.
The DomU win is up with a network card but is unable to gain access to
Dom0.
I think Xen is working correctly, inserting the correct rules and the
correct host declaration in dhcpd.conf.
The only thing I've noticed is in the output of ps auxwwwwwwwwww:
root 11492 3.7 0.3 26040 3592 ? Sl 14:40 0:00 /usr/lib/xen-3.2-1/bin/qemu-dm -d 10 -domain-name win01 -vnc 0.0.0.0:0 -vcpus 1 -boot d -acpi -usbdevice tablet -net nic,vlan=1,macaddr=00:16:3e:2a:f3:ea,model=rtl8139 -net tap,vlan=1,bridge=xenbr0 -M xenfv
I see Xen passed a bridge... but I've commented it out from win.cfg.
Isn't that strange? Is this a bug?
Does anyone else have this same configuration working?
Thanks,
Michele
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
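Added after the post as a worked example; this is not Michele's code and not part of Xen. It does two things a practitioner reviewing the listing above would want: first, it audits an `iptables -L` listing for chains whose DROP policy is undone by a blanket `ACCEPT ... anywhere anywhere state NEW` rule (all three chains in the post have one, so the DROP policy and the later per-vif rules never take effect); second, it prints a tighter per-vif rule set that binds a routed DomU interface to its single assigned address. The sample listing is constructed from the post with the wrapped lines rejoined. Assumptions: the guest behind vif8.0 holds 10.0.8.1 (the /32 host route shown; 10.0.8.128 on the vif is the Dom0 end), and `-i VIF` is used in place of the `--physdev-in` match that Xen's vif-nat inserts, because physdev is documented for bridge ports while a NAT-mode vif is routed. Nothing is applied; the rules are only printed.

```shell
#!/bin/sh
# Added example, not part of the original post or of Xen's scripts.
#
#   open_chains LISTING    - name every chain whose DROP policy is undone by a
#                            blanket "ACCEPT ... anywhere anywhere state NEW"
#   vif_rules VIF GUEST_IP - print per-DomU rules that bind a routed vif to the
#                            one address assigned to it, allow DHCP, drop the rest
#
# SAMPLE_FILTER is constructed from the `iptables -L` output in the post
# (wrapped lines rejoined); it is only data for the audit.

SAMPLE_FILTER='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW
ACCEPT 0 -- 10.0.0.0/16 anywhere PHYSDEV match --physdev-in vif8.0
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif8.0 udp spt:bootpc dpt:bootps
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state NEW'

# open_chains: walk an `iptables -L` listing passed as $1, remember the current
# chain and its policy, and print the chain name whenever an ACCEPT rule with
# source and destination "anywhere" matches "state NEW" under a DROP policy.
# Such a rule accepts every new connection, so the policy and any later,
# narrower rules in that chain (e.g. the per-vif ones) never get evaluated.
open_chains() {
    printf '%s\n' "$1" | awk '
        /^Chain / { chain = $2; policy = $4; sub(/\)$/, "", policy); next }
        $1 == "ACCEPT" && $4 == "anywhere" && $5 == "anywhere" &&
        $0 ~ /state NEW/ && policy == "DROP" { print chain }
    '
}

# vif_rules: print (do not run) the rules for one routed DomU interface.
# Assumption: GUEST_IP is the address the DomU actually holds (10.0.8.1 for
# vif8.0 in the post, taken from its /32 host route). "-i VIF" is used instead
# of Xen's "-m physdev --physdev-in", which is documented for bridge ports.
# Frames from the vif with any other source are dropped, so a DomU cannot
# spoof the LAN, another DomU or Dom0.
vif_rules() {
    vif=$1
    ip=$2
    # forwarded traffic (DomU -> LAN/Internet): only from its own address
    printf 'iptables -A FORWARD -i %s -s %s/32 -j ACCEPT\n' "$vif" "$ip"
    # traffic to Dom0 itself: DHCP discovery carries no source address yet,
    # so it needs its own rule; everything else must use the assigned address
    printf 'iptables -A INPUT -i %s -p udp --sport bootpc --dport bootps -j ACCEPT\n' "$vif"
    printf 'iptables -A INPUT -i %s -s %s/32 -j ACCEPT\n' "$vif" "$ip"
    # anything else arriving on this vif is spoofed or unexpected
    printf 'iptables -A FORWARD -i %s -j DROP\n' "$vif"
    printf 'iptables -A INPUT -i %s -j DROP\n' "$vif"
}

# Stand-alone run: audit the sample listing, then show the rules for vif8.0.
echo "chains whose DROP policy is moot:"
open_chains "$SAMPLE_FILTER"
echo
echo "suggested rules for vif8.0:"
vif_rules vif8.0 10.0.8.1
```

On a live Dom0 the audit is `open_chains "$(iptables -L)"`. The rules from `vif_rules` use `-A`, so they only bite when no earlier blanket ACCEPT precedes them in FORWARD and INPUT, which is exactly the condition `open_chains` reports on; fix the blanket rules first (or insert the per-vif rules with `-I`), then confirm the chain no longer appears in the audit output.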