Jonathan Vogt
2006-Jul-04 16:48 UTC
[Xen-users] Problem: hiding all NICs from dom0, how to create a virtual one

Hello,

first of all some information, I have a PC with two NICs. One is wired and connected to a DSL-Modem and one is wireless. I handed both of them over to a domU with pciback.hide=(00:0f.0)(00:0a.0). The reason for this setup is that I don't have another NIC for the modem and actually don't need wired network access. Another point was that I wanted to keep the dom0 really small and without any services (except ssh).

Since dom0 doesn't have a hardware NIC anymore, I have a problem. The bridge appears and if I give it an IP (192.168.80.2) I'm able to ping the Internet but no NAT and no Forwards or anything works even if I accept all traffic on the router. Using my Notebook I'm able to surf the net and everything. The firewall setup for both nets is more or less the same, so it should work.

So I'm sort of stuck here. My question is, can I create a virtual NIC for dom0 as well (like vif1.0 in the domUs)? If so how? I tried looking at the xen network scripts but didn't find any solution there. The various search engines didn't help either, they all had a spare NIC.

In case my explanation wasn't understandable, I got a network sketch online in hope that helps. http://jonathan.v-o-g-t.net/images/xen.gif is how it's supposed to look/function like. (vdr and webserver are not implemented yet)

Cheers
Jonathan

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Jonathan Vogt
2006-Jul-05 08:35 UTC
Re: [Xen-users] Problem: hiding all NICs from dom0, how to create a virtual one

Hi all

> So I'm sort of stuck here. My question is, can I create a virtual NIC for
> dom0 as well (like vif1.0 in the domUs)? If so how?

Is this possible with the dummy device? Or does the dummy device only drop packages?

Cheers
Jonathan

list user
2006-Jul-05 22:36 UTC
Re: [Xen-users] Problem: hiding all NICs from dom0, how to create a virtual one

Jonathan Vogt wrote:
> Hi all

Hi Jonathan,

>> So I'm sort of stuck here. My question is, can I create a virtual NIC for
>> dom0 as well (like vif1.0 in the domUs)?

Yes

>> If so how?

Try uml-utilities. Can't say if it's better/worse than anything else but works for me.

I use bridged networking and let host#1 serve as the firewall/router, and keep dom0 as isolated as possible; dom0 uses a tap and all the hosts use the eth's

Here's a sample xend startup script (it's very rudimentary).

"my-network-bridge"

    #!/bin/bash

    LAN='10.20.30'

    # uml-utilities lets me create a virtual device
    /usr/bin/tunctl -t tap0

    # start 3 bridges and 4 devices
    /etc/xen/scripts/network-bridge start bridge=LAN netdev=eth0 vifnum=0
    /etc/xen/scripts/network-bridge start bridge=DMZ netdev=eth1 vifnum=1
    /etc/xen/scripts/network-bridge start bridge=WAN netdev=eth2 vifnum=2
    /etc/xen/scripts/network-bridge start bridge=LAN netdev=tap0 vifnum=3

    # none of the ethX devices have addresses
    # give one to "tap0" and bring it up
    /sbin/ip address add $LAN.254/24 dev tap0
    /sbin/ip link set dev tap0 up

    # give dom0 a way out, i.e. a "default gateway"
    /sbin/ip route add default via $LAN.1 dev tap0

    # aaaargh! just in case
    ethtool -K tap0 tx off

----------------------------------------------

After xend starts this is what this dom0 looks like:

    [mike@lan254 xen]$ ip address list | grep 'inet '
        inet 127.0.0.1/8 scope host lo
        inet 10.20.30.254/24 scope global tap0

    [mike@lan254 xen]$ ip route list
    10.20.30.0/24 dev tap0 proto kernel scope link src 10.20.30.254
    default via 10.20.30.1 dev tap0

    [mike@lan254 xen]$ brctl show
    bridge name     bridge id               STP enabled     interfaces
    DMZ             8000.feffffffffff       no              peth1
                                                            vif0.1
                                                            vif1.1
                                                            vif2.0
                                                            vif3.0
    LAN             8000.feffffffffff       no              peth0
                                                            ptap0
                                                            vif0.0
                                                            vif0.3
                                                            vif1.0
    WAN             8000.feffffffffff       no              peth2
                                                            vif0.2
                                                            vif1.2

Hope that makes sense.

Good luck,
Mike Wright

> Is this possible with the dummy device? Or does the dummy device only drop
> packages?
>
> Cheers
> Jonathan
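
A check for the layout described in the reply above (dom0 holding an address only on tap0, with its default route leaving through tap0), as an added example that is not part of the original thread. It parses text in the shape of the `ip address list | grep 'inet '` and `ip route list` output shown in the post; the function names, the `tap0` argument and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit dom0 addressing, IPv4 only.
# MGMT_IF (tap0 below) and all sample text are constructed assumptions.

# unexpected_addrs MGMT_IF: stdin is `ip address list | grep 'inet '` text;
# prints "iface addr" for each address that is not on lo or MGMT_IF.
unexpected_addrs() {
    awk -v ok="$1" '$1 == "inet" {
        ifc = $NF; sub(/:.*/, "", ifc)   # label is the last field; drop ":alias"
        if (ifc != "lo" && ifc != ok) print ifc, $2
    }'
}

# default_route_devs: stdin is `ip route list` text; prints each default route's dev.
default_route_devs() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# audit_dom0 MGMT_IF ADDR_TEXT ROUTE_TEXT: returns 0 only if no address sits
# outside lo/MGMT_IF and a default route exists that uses MGMT_IF alone.
audit_dom0() {
    bad=$(printf '%s\n' "$2" | unexpected_addrs "$1")
    devs=$(printf '%s\n' "$3" | default_route_devs | sort -u)
    rc=0
    if [ -n "$bad" ]; then echo "address outside $1: $bad"; rc=1; fi
    if [ "$devs" != "$1" ]; then echo "default route dev(s): ${devs:-none}"; rc=1; fi
    return $rc
}

# Constructed sample 1: same shape as the dom0 output shown in the post.
GOOD_ADDR='    inet 127.0.0.1/8 scope host lo
    inet 10.20.30.254/24 scope global tap0'
GOOD_ROUTE='10.20.30.0/24 dev tap0 proto kernel scope link src 10.20.30.254
default via 10.20.30.1 dev tap0'

# Constructed sample 2: a physical NIC has picked up an address and the route.
BAD_ADDR="$GOOD_ADDR
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth2"
BAD_ROUTE='default via 192.0.2.1 dev eth2'

audit_dom0 tap0 "$GOOD_ADDR" "$GOOD_ROUTE" && echo "dom0 layout OK"
audit_dom0 tap0 "$BAD_ADDR" "$BAD_ROUTE" || echo "dom0 layout violated"
```

On a live dom0 the two text arguments would come from `ip address list | grep 'inet '` and `ip route list`.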