Outback Dingo
2008-Feb-29 16:20 UTC
[Xen-users] REPOST - Debian Etch, XEN 3.2 PAE Routed Nat problem
Ok, installed debian 4 Etch, XEN 3.2 PAE, booted all fine setup 2 FreeBSD domUs followed the Routing and Nat guide precisely based on http://wiki.kartbuilding.net/index.php/Xen_Networking domUs 10.0.0.1 and 10.0.0.2 can see the dom0, 192.168.1.3 and the internet route 192.168.1.1 fine domUs can access dom0 domUs and dom0 can access internet domUs cannot see each other. i can ssh from domUs to everything, except another domU subnets are 255.255.255.0 per the docs gateways 10.0.0.254 per the docs i did notice all the MACs in the each of the domUs are Internet: Destination Gateway Flags Refs Use Netif Expire default 10.0.0.254 UGS 0 7 xn0 10.0.0.0/24 link#1 UC 0 0 xn0 10.0.0.2 fe:ff:ff:ff:ff:ff UHLW 1 398 xn0 796 10.0.0.128 fe:ff:ff:ff:ff:ff UHLW 1 96 xn0 1168 10.0.0.254 fe:ff:ff:ff:ff:ff UHLW 2 0 xn0 766 127.0.0.1 127.0.0.1 UH 0 0 lo0 and in dom0 debian:/home/dingo# ifconfig eth2 Link encap:Ethernet HWaddr 00:13:ce:eb:e4:0b inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::213:ceff:feeb:e40b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1104 errors:0 dropped:1 overruns:0 frame:0 TX packets:932 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:769734 (751.6 KiB) TX bytes:101068 (98.6 KiB) Interrupt:18 Base address:0x2000 Memory:c0002000-c0002fff lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:800 (800.0 B) TX bytes:800 (800.0 B) vif1.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff inet addr:10.0.0.128 Bcast:0.0.0.0 Mask:255.255.255.255 inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:483 errors:0 dropped:0 overruns:0 frame:0 TX packets:355 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:43202 (42.1 KiB) TX bytes:35079 (34.2 KiB) vif2.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff inet addr:10.0.0.129 Bcast:0.0.0.0 Mask:255.255.255.255 inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:389 errors:0 dropped:0 overruns:0 frame:0 TX packets:551 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:36130 (35.2 KiB) TX bytes:53343 (52.0 KiB) vif3.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff inet addr:10.0.0.130 Bcast:0.0.0.0 Mask:255.255.255.255 inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:372 (372.0 B) TX bytes:1188 (1.1 KiB) debian:/home/dingo# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 vif1.0 10.0.0.3 0.0.0.0 255.255.255.255 UH 0 0 0 vif3.0 10.0.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 vif2.0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth2 any insight ? _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
GP lisper
2008-Mar-02 12:06 UTC
[Xen-users] Re: REPOST - Debian Etch, XEN 3.2 PAE Routed Nat problem
On Fri, 29 Feb 2008 11:20:14 -0500, <outbackdingo@gmail.com> wrote:> > Ok, installed debian 4 Etch, XEN 3.2 PAE, booted all fine setup 2 FreeBSD > domUs > followed the Routing and Nat guide precisely based on > http://wiki.kartbuilding.net/index.php/Xen_Networking > > domUs 10.0.0.1 and 10.0.0.2 can see the dom0, 192.168.1.3 and the internet > route 192.168.1.1 fine > domUs can access dom0 > domUs and dom0 can access internet > domUs cannot see each other. i can ssh from domUs to everything, except > another domUWorking as expected.>From the gentoo manual at http://www.gentoo.org/doc/en/xen-guide.xml"When selecting the routed approach, the interface inside your unpriviledged domain is connected to the virtual interface on your administrative domain. On your administrative domain (domain 0), the virtual interface is linked together with eth0. The interface inside your unpriviledged domain should have an IP address on the same network as the interface on the administrative domain. Any communication to that IP address can only occur from the administrative domain, unless you set up specific routing rules." As I''m just bringing up a Xen and haven''t learned yet how the devs butchered normal routing rules to fit their virtualization concept, I''m reluctant to suggest something. ''man route'' and moving the DomU to separate /24s are good ideas, a tool such as wireshark should provide clues. -- One of the strokes of genius from McCarthy was making lists the center of the language - kt _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users