On Mon, Jun 20, 2011 at 12:12 PM, Andrew Sorensen <andrewx192@xxxxxxxxx> wrote:
>> >> With that kind of setup (either manual or created by libvirt) you can
>> >> simply use bridge networking in Xen as usual, and it doesn't matter
>> >> whether your uplink is already bridged or not. And the same bridge+NAT
>> >> setup can be used for other virtualization setup as well (For example,
>> >> I'm using libvirt to create a bridge on my Virtualbox setup, which
>> >> Virtualbox uses later as bridged networking)
>> >>
>> > That was what I was trying to do. If you visit
>> > http://wiki.qemu.org/Documentation/Networking/NAT and take a look at
>> > that script at the bottom, it creates a bridged interface and takes in
>> > a parameter to add to the NAT bridge. I'm not sure what I would need to
>> > modify in that script to create the NAT MASQUERADE rule.
>>
>> ... and what I've been trying to say is that you don't have to use
>> that script. Not if it gives you more trouble.
>>
>> Instead, I suggest you split it into two separate processes:
>> (1) Creation of the bridge with NAT support
>> (2) Adding domU's vif to that bridge
>>
>> (1) can be done with either libvirt or set up manually.
>> For (2), you can simply use Xen's existing bridge script. No need to
>> create additional network script.
>>
>
> For (1), How would I go about setting it up manually?

I'd still recommend you use libvirt. However, if you want to create
the bridge manually, see
http://wiki.xensource.com/xenwiki/HostConfiguration/Networking .
Basically you use whatever method the OS has (/etc/network/interfaces
for Debian/Ubuntu).
As an example, you can use something like this on
/etc/network/interfaces which combines bridge and NAT creation (you
might need to load "dummy" module first, or add it to /etc/modules)

#=======================================
auto dummy0
iface dummy0 inet manual

auto br0
iface br0 inet static
    address 192.168.123.1
    netmask 255.255.255.0
    bridge_ports dummy0
    bridge_stp yes
    post-up /sbin/iptables --table filter --insert INPUT --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert FORWARD --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert FORWARD --destination \
        192.168.123.0/255.255.255.0 --match state \
        --state ESTABLISHED,RELATED --jump ACCEPT
    post-up /sbin/iptables --table nat --insert POSTROUTING --source \
        192.168.123.0/255.255.255.0 \
        ! --destination 192.168.123.0/255.255.255.0 --jump MASQUERADE
    pre-down /sbin/iptables --table filter --delete INPUT --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    pre-down /sbin/iptables --table filter --delete FORWARD --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    pre-down /sbin/iptables --table filter --delete FORWARD --destination \
        192.168.123.0/255.255.255.0 --match state \
        --state ESTABLISHED,RELATED --jump ACCEPT
    pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
        192.168.123.0/255.255.255.0 \
        ! --destination 192.168.123.0/255.255.255.0 --jump MASQUERADE
#=======================================

Make sure that /proc/sys/net/ipv4/ip_forward = 1 (edit
/etc/sysctl.conf if you have to).

> For (2), When you refer to "bridge script" are you referring to -
> 'vif-script' or 'network-script'?
> Currently I am using a statement like
> 'bridge=br1,mac=xxxxxxxx,ip=xx.xx.xx.xx', which is working out fine for
> my "true" bridged network.

Just use whatever you currently use on "true" bridged network. Just
watch out for:
- bridge names. In my example, the bridge with NAT support is br0
- no need for "ip=xxxxx" part. Some setups with ebtables or modified
domU config can make use of that, but usually it's not needed
- setup IP address from domU. In my example I don't have a dhcp server
on dom0, so I need to assign static address in domU manually.
--
Fajar
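
Added example (not part of the original message): a shell check that reads `iptables-save` output and reports which pieces of the br0 NAT setup above are missing, plus a note about how broad the INPUT rule is. The function name `audit_nat_bridge`, the sample rule dump, and the `/24` form of the subnet (the notation `iptables-save` prints for 255.255.255.0) are assumptions made for this example.

```shell
#!/bin/sh
# Usage on a live dom0 (needs root):
#   iptables-save | audit_nat_bridge 192.168.123.0/24 "$(cat /proc/sys/net/ipv4/ip_forward)"
# Prints one line per finding; exit status = number of MISSING items.
audit_nat_bridge() {
    awk -v net="$1" -v fwd="$2" '
        /^\*/ { table = substr($0, 2) }   # section header: "*nat", "*filter", ...
        /^-A / {
            src    = index($0, " -s " net " ") > 0
            dst    = index($0, " -d " net " ") > 0
            notdst = index($0, " ! -d " net " ") > 0
            if (table == "nat" && $2 == "POSTROUTING" && src && notdst &&
                /-j MASQUERADE/) masq = 1
            if (table == "filter" && /-j ACCEPT/) {
                if ($2 == "FORWARD" && src) out = 1
                if ($2 == "FORWARD" && dst && /ESTABLISHED/) back = 1
                if ($2 == "INPUT" && src) input = 1
            }
        }
        END {
            n = 0
            if (fwd != 1) { print "MISSING ip_forward=1"; n++ }
            if (!masq) { print "MISSING nat POSTROUTING MASQUERADE for " net; n++ }
            if (!out)  { print "MISSING filter FORWARD accept from " net; n++ }
            if (!back) { print "MISSING filter FORWARD ESTABLISHED accept to " net; n++ }
            if (input) print "NOTE INPUT accepts all traffic from " net " to dom0"
            exit n
        }'
}

# Constructed sample: iptables-save output once br0 from the post is up.
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -s 192.168.123.0/24 -j ACCEPT
-A FORWARD -d 192.168.123.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.123.0/24 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_nat_bridge 192.168.123.0/24 1
```

The NOTE line flags that the INPUT rule lets guests on br0 reach every service listening on dom0; narrowing it to the ports the guests actually need is a separate decision from getting NAT working.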