Hello, [ Sorry for second posting, I see the previous one was erroneously associated with the previous thread with the same subject in the archive ] I have a server running Xen 3.0.2. It has 3 ethernet cards: eth0 is behind a DSL router in network 192.168.1, eth1 is connected to LAN 192.168.5, eth2 is used for something else, unrelated to my question. DomUs host virtual servers on 192.168.4, and I want to make dom0 a firewall for virtual servers and for internal network. I am trying to use routing setup of Xen but cannot make it work. The configuration for test domU is kernel = "/boot/vmlinuz-2.6.16-xen" memory = 256 name = "tst" disk = [ ''phy:sda5,hda1,w'', ''phy:sda6,hda2,w'' ] vif = [ ''ip=192.168.4.200,mac=00:16:3e:00:00:01'' ] netmask = "255.255.255.0" dhcp = "off" hostname = "tst" root = "/dev/hda1 ro" extra = "4" Whether I configure networking for domU in /etc/network/interfaces or not, domU is brought up with eth0 down (but routing to its IP gets added to dom0''s routing table). If I manually configure domU''s network by ifconfig eth0 inet 192.168.4.200 netmask 255.255.255.0 route add default dev eth0 I am able to ping domU (192.168.4.200) from dom0 (192,168.1.111) and vice versa, but I cannot ping anything outside the server from domU. Am I missing something obvious in routing setup? Is there a way to configure domU''s networking via configs? Standard way does not seem to work. I do not mind to put the above commands to rc.local, but is there better way? The system is running Ubuntu 6.06 LTS with kernel 2.6.16 installed from Dapper packages. Both /proc/sys/net/ipv4/conf/eth0/proxy_arp and /proc/sys/net/ipv4/ip_forward are set to 1. Thanks a lot, Alex _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Alexey Koptsevich wrote:> I am able to ping domU (192.168.4.200) from dom0 (192,168.1.111) > and vice versa, but I cannot ping anything outside the server from domU. > Am I missing something obvious in routing setup? > > Is there a way to configure domU''s networking via configs? > Standard way does not seem to work. I do not mind to put the above > commands to rc.local, but is there better way?Same happens here. Can ping the Internet, but cannot get pinged from any of the PCs in the LAN, nor ping them. I hope someone can throw some light here with this routing thing, as I can''t use bridging because the server is also acting as a proxy-cache and router. -- Jaume Sabater http://linuxsilo.net/ "Ubi sapientas ibi libertas" _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Alexey Koptsevich
2006-Sep-21 01:15 UTC
Re: [Xen-users] routing problem in network-route mode
It was indeed obvious: if domU''s IP is private, network-nat must be used. I was also trying to figure out how to specify default gateway for domU in routing configuration: I thought I should use IP of vif<domU>.0 from dom0 for it, so I tried to find the determine the rule how it is chosen. But it turned out it does not necessarily should be this IP, it can be any IP from domU''s subnet -- it looks strange, but works. Alex On 9/18/06, Jaume Sabater <jsabater@linuxsilo.net> wrote:> Alexey Koptsevich wrote: > > > I am able to ping domU (192.168.4.200) from dom0 (192,168.1.111) > > and vice versa, but I cannot ping anything outside the server from domU. > > Am I missing something obvious in routing setup? > > > > Is there a way to configure domU''s networking via configs? > > Standard way does not seem to work. I do not mind to put the above > > commands to rc.local, but is there better way? > > Same happens here. Can ping the Internet, but cannot get pinged from any > of the PCs in the LAN, nor ping them. I hope someone can throw some > light here with this routing thing, as I can''t use bridging because the > server is also acting as a proxy-cache and router._______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users