Charles Duffy
2005-Oct-16 11:59 UTC
[Xen-users] Re: network in general, when routed when bridged?
On Sun, 16 Oct 2005 14:24:19 +0200, Sueveges Gyoergy wrote:
> I'm now a little bit confused with networking. When should be bridging
> used? And When should be the routed network used? When I have one public
> IP address, and for the domU-s I would have private ones (192.168....)
> then can I use bridged network? Unfortunately in docu I cannot see enough
> info for the routed network settings (probably they assume that one is
> familiar with networking :))

Well, yes -- to set this all up and understand how it works, you *need* to be familiar with networking. There are a lot of resources you can use to learn, though, ranging from public documentation and published books to University courses on the subject, and I strongly advise that you look into them -- this is one of those topics that one really must know to be a good sysadmin.

To give a very brief overview, though:

Bridging two devices acts like connecting them with an ethernet cable. If you bridge your virtual instances to your outside network connection, that's just like plugging your physical machine, your XenU instances and your outside net connection all into the same Ethernet switch. Doing firewalling on a bridge is possible (with ebtables) but is certainly not beginners' functionality.

Routing puts a machine in the middle that can act like... well, a router. It can do tricks like IP masquerading, (easier, iptables-based) firewalling and whatnot. IP masquerading is probably what you want if you wouldn't plug multiple machines directly into your outside network.

That's not to say you can't do routing *and* have a bridge! If you're going to have multiple Xen instances and be starting or shutting them down, I find it easiest to put them all on a bridge and then route between that bridge and the outside world.

None of this is in any way Xen-specific, and so arguably this is the wrong forum for both the question and its answers.
_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Sueveges Gyoergy
2005-Oct-16 12:24 UTC
[Xen-users] network in general, when routed when bridged?
Hi all

I'm now a little bit confused with networking. When should be bridging used? And When should be the routed network used?
When I have one public IP address, and for the domU-s I would have private ones (192.168....) then can I use bridged network?
Unfortunately in docu I cannot see enough info for the routed network settings (probably they assume that one is familiar with networking :))
Thnx for the answers

George
Ted Kaczmarek
2005-Oct-16 12:43 UTC
Re: [Xen-users] network in general, when routed when bridged?
On Sun, 2005-10-16 at 14:24 +0200, Sueveges Gyoergy wrote:
> Hi all
>
> I'm now a little bit confused with networking. When should be bridging
> used? And When should be the routed network used?
> When I have one public IP address, and for the domU-s I would have private
> ones (192.168....) then can I use bridged network?
> Unfortunately in docu I cannot see enough info for the routed network
> settings (probably they assume that one is familiar with networking :))
> Thnx for the answers
>
> George

From what I can piece together of your issue you probably want a scenario like this.

    ---------------    non rfc 1918 - Internet Address
           |
           | eth0
        | dom0 |
           | eth1
           |
    ----------------   rfc 1918 - Non Internet Routable
      |   |   |   |
      |   |   |
      domU's network

dom0 configured for ip forwarding, iptables PREROUTING chain to forward traffic from Internet DA to domU. This would be used for access to the domU's via the Internet Address used for the dom0.

dom0 configured for ip forwarding, iptables POSTROUTING chain to forward traffic from domU to Internet. This would be used when the domU's need to access the Internet.

In your case you should diagram your traffic flow, setting things up properly requires an understanding of the flow of packets and how you want to manipulate those packets. Big difference in how one sets up a client side app, versus a server.

Regards,
Ted
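
The routed dom0 setup described in the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset with the PREROUTING DNAT and POSTROUTING masquerade rules, plus a default-drop FORWARD chain so only published ports reach the domUs. The interface names follow the diagram; the subnet 192.168.0.0/24, the domU address 192.168.0.10, port 80 and the function names are constructed assumptions, and the conntrack match is current iptables syntax.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a routed dom0.
# Constructed values: eth0 public, eth1 domU side, 192.168.0.0/24 domU subnet.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dom0_nat_rules WAN_IF LAN_IF LAN_NET [proto:public_port:domU_ip:domU_port ...]
dom0_nat_rules() {
    wan=$1 lan=$2 net=$3
    shift 3
    dnat="" allow=""
    for spec in "$@"; do
        proto=${spec%%:*}; rest=${spec#*:}
        port=${rest%%:*};  rest=${rest#*:}
        ip=${rest%%:*};    dport=${rest#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $ip in *.*.*.*) ;; *) echo "bad domU address: $spec" >&2; return 1 ;; esac
        valid_port "$port" && valid_port "$dport" ||
            { echo "bad port: $spec" >&2; return 1; }
        # Inbound: rewrite the destination (PREROUTING), then permit the forwarded flow.
        dnat="$dnat-A PREROUTING -i $wan -p $proto --dport $port -j DNAT --to-destination $ip:$dport
"
        allow="$allow-A FORWARD -i $wan -o $lan -p $proto -d $ip --dport $dport -j ACCEPT
"
    done
    printf '%s\n' '*nat'
    printf '%s' "$dnat"
    # Outbound: domU traffic leaves with dom0's public address (POSTROUTING).
    printf '%s\n' "-A POSTROUTING -s $net -o $wan -j MASQUERADE" 'COMMIT'
    # Default-drop FORWARD so only the published ports reach the domUs.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $lan -o $wan -s $net -j ACCEPT"
    printf '%s' "$allow"
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for one web server domU (constructed address) for review.
# Forwarding itself also needs: sysctl -w net.ipv4.ip_forward=1
dom0_nat_rules eth0 eth1 192.168.0.0/24 tcp:80:192.168.0.10:80
```

Review the output before piping it to iptables-restore as root; loading it replaces the existing nat and filter rules.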