Hello,

I'm now using Xen unstable, which works very nicely.
For me it's generally more stable than 2.0 (no FPU problem now).

I have noticed that veth0 and vif0.0 appear in net devices,
and veth0 is attached to xen-br0. Routing to the bridge network is
now through veth0, instead of xen-br0 like it used to be.

The problem is, my iptables configuration (on dom0) complains
with this setup. This message appears in kernel log (dmesg):

    Performing cross-bridge DNAT requires IP forwarding to be enabled

I'm DNATting DNS requests from Internet to domU, and it doesn't work.

Killing veth0 and assigning IP address to xen-br0 fixes this problem:

    # ifconfig veth0 0.0.0.0
    # ifconfig xen-br0 10.1.1.1 netmask 255.255.255.0

Frontend net device is disabled in dom0 kernel .config.

Could someone explain what veth0 is and its purpose?

Thanks,
-- 
Takeshi
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello,
I would think that all you would need to do, if that's the error you get,
is to enable IP forwarding in the dom0 kernel. Generally that is done
with

    echo "1" > /proc/sys/net/ipv4/ip_forward

if memory serves, I believe you have to reboot for this to take effect.

Hope this helps you out some.
John Fairbairn

Carl Holtje
2005-Jul-08 17:42 UTC
Re: [Xen-users] Networking change in Xen unstable
On Fri, 8 Jul 2005, John Fairbairn wrote:
> Hello,
> I would think that all you would need to do, if that's the error you get,
> is to enable IP forwarding in the dom0 kernel. Generally that is done
> with
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> if memory serves, I believe you have to reboot for this to take effect.

/proc is a virtual filesystem -- reboot and its contents are lost..
If you want to make it "permanent", look into sysctl..

Hope this helps..

Carl

-- 
"There are 10 types of people in the world: Those who understand binary
and those that don't."

$>whoami: Carl Holtje
$>mail holtje: cwh0803@cs.rit.edu
$>cu: http://www.cs.rit.edu/~cwh0803
$>whois holtje:
Segmentation Fault
$>

Hello John,

ip_forward has always been on. This machine is also working as a router
for other PCs at my home.

Thanks for the reply anyway.

On Fri, Jul 08, 2005 at 12:27:50PM -0500, John Fairbairn wrote:
> Hello,
> I would think that all you would need to do, if that's the error you get,
> is to enable IP forwarding in the dom0 kernel. Generally that is done
> with
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> if memory serves, I believe you have to reboot for this to take effect.
>
> Hope this helps you out some.
> John Fairbairn

-- 
そね

> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > if memory serves, I believe you have to reboot for this to take effect.
>
> /proc is a virtual filesystem -- reboot and its contents are lost..

There's a file called (something like) /etc/sysctl.conf for setting /proc/sys
values persistently (they're set again at each boot).

Cheers,
Mark

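An added example, not part of any poster's message: a shell check of the point Carl and Mark make above, that a write to /proc/sys changes only the running kernel while a sysctl.conf-style file is what restores the value at boot. The function names and the sample file are constructed for illustration, and the script assumes a single configuration file whose path the caller supplies.

```shell
#!/bin/sh
# Added example (not from the thread): is ip_forward on now, and will it
# still be on after a reboot?

# persisted_sysctl FILE KEY
# Print the value FILE assigns to KEY; the last assignment wins. Handles
# '#' and ';' comments, spaces around '=', and a/b/c as well as a.b.c keys.
persisted_sysctl() {
    file=$1
    key=$(printf '%s' "$2" | tr '/' '.')
    [ -r "$file" ] || return 0
    awk -v want="$key" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)
            if (k == want) found = v
        }
        END { if (found != "") print found }
    ' "$file"
}

# forwarding_state FILE [PROCFILE]
# Compare the running value (PROCFILE) with the persisted one (FILE).
forwarding_state() {
    conf=$1
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    running=$(cat "$proc" 2>/dev/null || echo unknown)
    saved=$(persisted_sysctl "$conf" net.ipv4.ip_forward)
    case "$running:$saved" in
        1:1)       echo "on, persistent" ;;
        1:*)       echo "on, lost at reboot" ;;
        0:1)       echo "off now, on after reboot" ;;
        unknown:*) echo "unknown" ;;
        *)         echo "off" ;;
    esac
}

# Constructed sample file; the second assignment overrides the first.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    'net/ipv4/ip_forward=1' > "$demo"
echo "persisted: $(persisted_sysctl "$demo" net.ipv4.ip_forward)"
echo "this host: $(forwarding_state "$demo")"
rm -f "$demo"
```
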
Hello Mark,

So, could you answer my original question?
Networking change in unstable breaks my network configuration.
/proc/sys/net/ipv4/ip_forward is not the culprit, since it's been
enabled for years.

What is veth0 thing? Now I have to kill it after every reboot.

On Sat, Jul 09, 2005 at 05:46:51PM +0100, Mark Williamson wrote:
> > > echo "1" > /proc/sys/net/ipv4/ip_forward
> > >
> > > if memory serves, I believe you have to reboot for this to take effect.
> >
> > /proc is a virtual filesystem -- reboot and its contents are lost..
>
> There's a file called (something like) /etc/sysctl.conf for setting /proc/sys
> values persistently (they're set again at each boot).
>
> Cheers,
> Mark

-- 
Takeshi

> What is veth0 thing?

Although you can give dom0 a local IP address on the bridge (xen-br0),
it's not actually entirely safe to do so if you're running services that
are accessible from other domains -- it's possible to get into buffer
starvation situations, particularly with UDP services.

The unstable tree creates a veth0 interface to use in dom0 that avoids
these issues. You'll have to update your iptables etc rules accordingly.

If you're not running services accessible from other domains you could
continue to assign an IP addr to the bridge.

Ian

Hello Ian,

Thanks for the explanation.
I don't and won't (I think) have services on dom0 for domUs.

I will modify /etc/xen/script/network to not use veth0
so I won't have to manually kill veth0 after every reboot.
Wish there were an easier way to do it..

On Sun, Jul 10, 2005 at 06:28:15PM +0100, Ian Pratt wrote:
> > What is veth0 thing?
>
> Although you can give dom0 a local IP address on the bridge (xen-br0),
> it's not actually entirely safe to do so if you're running services that
> are accessible from other domains -- it's possible to get into buffer
> starvation situations, particularly with UDP services.
>
> The unstable tree creates a veth0 interface to use in dom0 that avoids
> these issues. You'll have to update your iptables etc rules accordingly.
>
> If you're not running services accessible from other domains you could
> continue to assign an IP addr to the bridge.
>
> Ian

-- 
Takeshi