Hi!

I'm running Debian sarge as dom0 and IPCop as domU. In my case IPCop should handle all the internet/firewall stuff and dom0 should provide a print and file server for the local network. dom0 should have the IP 192.168.1.1 and domU 192.168.1.2.

But I have problems getting the whole network stuff running. The machine has two NICs, one for PPPoE and one for LAN.
Unfortunately, the thing isn't working at all. I can't reach either dom0 or domU from a client in the network.
Though, I searched the archive and found out that it has something to do with bridging and routing, I have no clue how to do that.

Here are some config files:

/etc/network/interfaces on dom0:
<snip>
auto lo eth0 eth1
iface lo inet loopback

iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0

iface eth1 inet manual
    address 0.0.0.0
    netmask 255.255.255.255
</snip>

/etc/xen/ipcop:
<snip>
kernel="/boot/vmlinuz-2.4.30-ipcop"
memory=32
name="ipcop"
disk=['file:/mnt/vserver/images/ipcop.img,sda1,w','file:/mnt/vserver/images/ipcoplog.img,sda2,w']
nics=2
vif=['mac=aa:00:00:00:00:11, bridge=xen-br0', 'mac=bb:00:00:00:00:11, bridge=eth1']
root="/dev/sda1 ro"
extra="3"
pci=["00,00,0a", "00,00,0b"]
</snip>

From /boot/grub/menu.lst:
<snip>
title Xen 2.0.7/Linux, kernel 2.6.11-xen0
root (hd0,0)
kernel /boot/vmlinuz-2.6.11-xen0 root=/dev/hda1 ro console=tty0 max_loop=16
savedefault
boot
</snip>

Could someone please tell me whether it's even possible to get that thing running and, if yes, what I need to do?
If you need any further information, please let me know.

--
Greetings,
Sebastian Pölsterl

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Sebastian,

On January 3, 2006 05:15 am, Sebastian Pölsterl wrote:
> But I have problems getting the whole network stuff running. The machine
> has two NICs, one for PPPoE and one for LAN.

I ran into similar issues, and with help from searching various posts on the list as well as direct communication with a couple of people, I was able to come up with a solution....

> Though, I searched the archive and found out that it has something to do
> with bridging and routing, I have no clue how to do that.

I'm more than happy to help you :-) Here is the solution I implemented, though I am sure there are other ones out there too :-)

I am not running IPCop, but am running a Linux firewall as a domU (using a Dom0 kernel, actually...) I tried to get IPCop running once, but never really went too deep into it, and just decided to run a regular Linux box with Shorewall. I did see a post by someone (not sure who, offhand) who was able to hack IPCop to run under Xen.

Anyway, here's the solution I implemented:

First, in looking at your /etc/xen/ipcop file, I notice the following:

pci=["00,00,0a", "00,00,0b"]

Presumably, these are PCI IDs (from 'lspci'??) of your two NICs you wish to use? I would just hide one of them (the one the Internet will plug into) and bridge the other one, so you can have physical machines be on the same LAN segment as well (via a physical hub/switch).

To hide the NIC from Dom0, you need to add a parameter to your 'kernel' line in the /boot/grub/menu.lst file. Let's use, for example, the NIC with PCI ID of '00:00.0a' (though that seems incorrect to me as a PCI ID):

kernel /boot/vmlinuz-2.6.11-xen0 root=/dev/hda1 ro console=tty0 max_loop=16 physdev_dom0_hide=(00:00.0a)

(Note: The above is of course all on one line, but likely wraps in your mail viewer)

You will need to reboot for the above to take effect. You will also need to change your /etc/xen/ipcop file, but we will take care of that in a bit.

That takes care of the most complicated part - hiding the NIC to be used for the Internet connectivity from Dom0.

The next part is to create the necessary bridge for your LAN. Open /etc/network/interfaces, and put the following:

--- CUT HERE ---
auto br-lan0
iface br-lan0 inet manual
    bridge_ports eth0
--- CUT HERE ---

Now, in your /etc/xen/ipcop file, you need to make some changes; it should look something like this:

--- CUT HERE ---
kernel="/boot/vmlinuz-2.4.30-ipcop"
memory=32
name="ipcop"
disk=['file:/mnt/vserver/images/ipcop.img,sda1,w','file:/mnt/vserver/images/ipcoplog.img,sda2,w']
nics=1
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
root="/dev/sda1 ro"
extra="3"
pci=["00,00,0a"]
--- CUT HERE ---

Start your IPCop domain and it should work :-)

HTH.

-Alan

> Hi!
>
> I'm running Debian sarge as dom0 and IPCop as domU. In my case IPCop
> should handle all the internet/firewall stuff and dom0 should provide a
> print and file server for the local network. dom0 should have the IP
> 192.168.1.1 and domU 192.168.1.2.
>
> But I have problems getting the whole network stuff running. The machine
> has two NICs, one for PPPoE and one for LAN.
> Unfortunately, the thing isn't working at all. I can't reach either dom0 or
> domU from a client in the network.
> Though, I searched the archive and found out that it has something to do
> with bridging and routing, I have no clue how to do that.
>

Finally, I got it working. Here are my final config files:

### /etc/network/interfaces ###
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
    up ifconfig eth0 0.0.0.0 promisc up

auto eth1
iface eth1 inet manual
    up ifconfig eth0 0.0.0.0 promisc up

auto br-lan0
iface br-lan0 inet manual
    address 192.168.1.1
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.2
    dns-nameservers 192.168.1.2
    bridge_ports eth0
    bridge_hello 1
    bridge_fd 1
    up ifconfig br-lan0 192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0 up
    up route add default gw 192.168.1.2
### END ###

### /etc/xen/ipcop ###
kernel="/boot/vmlinuz-2.4.30-ipcop"
memory=32
name="ipcop"
disk=['file:/mnt/vserver/images/ipcop.img,sda1,w',
'file:/mnt/vserver/images/ipcoplog.img,sda2,w']
nics=1
dhcp="off"
ip="192.168.1.2"
netmask="255.255.255.0"
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
root="/dev/sda1 ro"
extra="3"
pci=["00,0a,0"]
### END ###

### /boot/grub/menu.lst ###
title Xen 2.0.7/Linux, kernel 2.6-xen0
root (hd0,0)
kernel /boot/xen.gz dom0_mem=131072 physdev_dom0_hide=(00:0a.0)
module /boot/vmlinuz-2.6-xen0 root=/dev/sda1 ro console=tty0 max_loop=16
savedefault
boot
### END ###

The NIC that's responsible for the internet connection is eth1 with PCI id 00:0a.0

--
Regards,
Sebastian Pölsterl
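
Added example, not code from the thread or from the Xen project: a Python check that the device handed to the firewall domU in `pci=` is the same one hidden from dom0 with `physdev_dom0_hide`, and that the `vif` bridge has a bridge stanza in dom0's /etc/network/interfaces, so the Internet-facing NIC is only ever reachable through the firewall domain. The function names and the sample strings (cut down from the final configuration above) are assumptions made for the example.

```python
import ast
import re
# Constructed sample input: the relevant lines of the final configs in the thread.
DOMAIN_CFG = """
vif=['mac=aa:00:00:00:00:11, bridge=br-lan0']
pci=["00,0a,0"]
"""
XEN_BOOT_LINE = "kernel /boot/xen.gz dom0_mem=131072 physdev_dom0_hide=(00:0a.0)"
INTERFACES = """
iface br-lan0 inet manual
    bridge_ports eth0
"""

def parse_domain_cfg(text):
    """A Xen domain config is Python syntax; read its NAME=literal assignments."""
    return {n.targets[0].id: ast.literal_eval(n.value)
            for n in ast.parse(text).body if isinstance(n, ast.Assign)}

def pci_to_bdf(entry):
    """'00,0a,0' (domain config form) -> '00:0a.0' (boot parameter form)."""
    bus, dev, func = (p.strip().lower() for p in entry.split(","))
    return f"{bus}:{dev}.{func}"

def hidden_devices(boot_line):
    """Every (bus:dev.func) group that follows physdev_dom0_hide=."""
    m = re.search(r"physdev_dom0_hide=((?:\([^)]*\))+)", boot_line)
    return set(re.findall(r"\(([^)]*)\)", m.group(1).lower())) if m else set()

def bridges_defined(interfaces):
    """Names of iface stanzas that contain a bridge_ports line."""
    found, current = set(), None
    for words in map(str.split, interfaces.splitlines()):
        if words[:1] == ["iface"]:
            current = words[1]
        elif words[:1] == ["bridge_ports"] and current:
            found.add(current)
    return found

def check(domain_cfg, boot_line, interfaces):
    """Return a list of mismatches between the three files (empty means consistent)."""
    cfg, problems = parse_domain_cfg(domain_cfg), []
    for entry in cfg.get("pci", []):
        if pci_to_bdf(entry) not in hidden_devices(boot_line):
            problems.append(f"pci {entry} is given to the domU but not hidden from dom0")
    for vif in cfg.get("vif", []):
        m = re.search(r"bridge\s*=\s*([^,\s]+)", vif)
        if m and m.group(1) not in bridges_defined(interfaces):
            problems.append(f"vif bridge {m.group(1)} has no bridge stanza in dom0")
    return problems
```

`check(DOMAIN_CFG, XEN_BOOT_LINE, INTERFACES)` returns an empty list for the final configuration; fed the files from the first message it reports four problems, because neither `pci` entry is hidden from dom0 and neither `xen-br0` nor `eth1` is a bridge defined in dom0.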