Sergio, All,
This is very similar to the question I posted a couple of days ago regarding
the networking setup on a colo server with public IPs.
My settings are similar - but I have not got an IP assigned to eth0 on
domU....
On domU (FC4):
[root@dellserver ~]# brctl show xen-br0
bridge name bridge id STP enabled interfaces
xen-br0 8000.00142272e278 no eth0
vif1.0
[root@dellserver ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:14:22:72:E2:78
inet6 addr: fe80::214:22ff:fe72:e278/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15940810 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4185960609 (3.8 GiB) TX bytes:3566 (3.4 KiB)
Base address:0xecc0 Memory:dfde0000-dfe00000
eth1 Link encap:Ethernet HWaddr 00:14:22:72:E2:79
inet addr:85.234.137.34 Bcast:85.234.137.255 Mask:255.255.255.0
inet6 addr: fe80::214:22ff:fe72:e279/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1117214 errors:0 dropped:0 overruns:0 frame:0
TX packets:62116 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:81320608 (77.5 MiB) TX bytes:86637157 (82.6 MiB)
Base address:0xdcc0 Memory:df9e0000-dfa00000
eth1:0 Link encap:Ethernet HWaddr 00:14:22:72:E2:79
inet addr:85.234.137.35 Bcast:85.234.137.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xdcc0 Memory:df9e0000-dfa00000
eth1:1 Link encap:Ethernet HWaddr 00:14:22:72:E2:79
inet addr:85.234.137.36 Bcast:85.234.137.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xdcc0 Memory:df9e0000-dfa00000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3591 errors:0 dropped:0 overruns:0 frame:0
TX packets:3591 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:290872 (284.0 KiB) TX bytes:290872 (284.0 KiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:467698 errors:0 dropped:4424 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2702 (2.6 KiB) TX bytes:26353434 (25.1 MiB)
xen-br0 Link encap:Ethernet HWaddr 00:14:22:72:E2:78
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1081281 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:62848349 (59.9 MiB) TX bytes:378 (378.0 b)
[root@dellserver ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
85.234.137.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 85-234-137-1.po 0.0.0.0 UG 0 0 0 eth1
[root@dellserver ~]#
on my dom0 (FC4 also)
[root@dellserver ~]# xm console vm-colo1
************ REMOTE CONSOLE: CTRL-] TO QUIT ********
[root@vm-colo1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr BA:D0:C0:FF:EE:01
inet addr:85.234.137.244 Bcast:85.234.137.255 Mask:255.255.255.0
inet6 addr: fe80::b8d0:c0ff:feff:ee01/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:560282 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31647509 (30.1 MiB) TX bytes:2702 (2.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
[root@vm-colo1 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
85.234.137.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default dellserver.comw 0.0.0.0 UG 0 0 0 eth0
[root@vm-colo1 ~]#
What happens with this network configuration? Well I can ping eth1 on domU
but I am not able to ping e.g. the network gateway.
As you can see from my iptables output I have tried to use the rules as
outlined in the xensource wiki.
[root@dellserver ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0 ! --physdev-out eth0
ACCEPT all -- anywhere anywhere PHYSDEV match ! --physdev-in eth0 --physdev-out eth0
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@dellserver ~]#
Any thoughts on how I should be structuring my networking to resolve this
problem please?
Thanks.
Rob
On 11/25/05, Sergio Maffioletti (CSCS) <sergio.maffioletti@cscs.ch> wrote:
>
> Dear All
>
> I'm getting a little bit confused with networking settings for Dom0 when
> domUs are configured with public IP addresses.
>
> I'm not really sure whether dom0 really needs to set up any particular
> iptable or not.
>
> basically each domU I have uses the subnet gateway and the default DNS as
> they were "ordinary" nodes.
>
> on dom0 (debian 2.4.30) : ifconfig
> -----------------
> eth0 Link encap:Ethernet HWaddr 00:0F:1F:D8:3B:59
> inet addr:148.187.33.171 Bcast:148.187.33.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:11167773 errors:0 dropped:0 overruns:0 frame:0
> TX packets:12111328 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:932153715 (888.9 MiB) TX bytes:3032069910 (2.8 GiB)
> Interrupt:16
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:28372 errors:0 dropped:0 overruns:0 frame:0
> TX packets:28372 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:2153493 (2.0 MiB) TX bytes:2153493 (2.0 MiB)
>
> vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:28703 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2897647 errors:0 dropped:124 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:2278631 (2.1 MiB) TX bytes:182743341 (174.2 MiB)
>
> vif4.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:45984 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2879171 errors:0 dropped:207 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:6263702 (5.9 MiB) TX bytes:179213789 (170.9 MiB)
>
> xen-br0 Link encap:Ethernet HWaddr 00:0F:1F:D8:3B:59
> inet addr:148.187.33.171 Bcast:148.187.33.255 Mask:255.255.255.255
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:11149307 errors:0 dropped:0 overruns:0 frame:0
> TX packets:12099488 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:709590887 (676.7 MiB) TX bytes:2982270139 (2.7 GiB)
> -----------------
>
> on domU vif4.0 (slc-3.0.5 kernel 2.4.30) ifconfig
> eth0 Link encap:Ethernet HWaddr AA:14:00:00:00:03
> inet addr:148.187.33.220 Bcast:148.187.33.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2891601 errors:0 dropped:0 overruns:0 frame:0
> TX packets:46389 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:179968772 (171.6 Mb) TX bytes:6352167 (6.0 Mb)
>
> on domU vif1.0 (slc-3.0.5 kernel 2.4.30) ifconfig
> eth0 Link encap:Ethernet HWaddr AA:14:00:00:00:01
> inet addr:148.187.33.168 Bcast:148.187.33.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:2910674 errors:0 dropped:0 overruns:0 frame:0
> TX packets:28838 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:183542936 (175.0 Mb) TX bytes:2288739 (2.1 Mb)
>
>
> and everything seems to work besides that vif4.0 cannot ping vif1.0 (vice
> versa works indeed)
>
> I'm also experiencing temporary (order of 10 seconds) domUs unreachable.
> does this have anything to do with the scheduler ?
> or am I just lucky that with a screwed up configuration things are
> randomly working ?
>
> thanks for any suggestion
> Regards
> Sergio :)
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>