Short description of my problem:

I'm running Xen 3.0 on Debian testing. I created two additional bridge interfaces and a XenU domain as router which I connected to all bridges. On two of the bridges I want to run a private network. For the router to do its work I copied and modified a setup from a router I am already running on a real computer. Even though I can ping and traceroute from one virtual network to another (even into the internet), it is not possible to get any other traffic from one network to another. So if I use ssh or http, the connection always fails. But this is not due to firewall rules. Does anyone have a clue why it does not work?

Longer description:

My Xen0 has two ethernet interfaces. One (eth0) is connected to my physical LAN, the other one (eth1) is connected to a DSL-modem. The peth0 interface of Xen0 is attached to xen-br0. I attached eth1 to a bridge called br-ppp. I created another bridge called br-dmz. And I connected eth1 to br-ppp.

For the bridge setup I wrote the following lines into /etc/network/interfaces

    auto br-dmz
    iface br-dmz inet static
        pre-up brctl addbr br-dmz
        post-down brctl delbr br-dmz
        address 0.0.0.0
        netmask 255.255.255.255
        bridge_fd 0
        bridge_hello 0
        bridge_stp off

    auto br-ppp
    iface br-ppp inet static
        pre-up brctl addbr br-ppp
        post-down brctl delbr br-ppp
        address 0.0.0.0
        netmask 255.255.255.255
        bridge_fd 0
        bridge_hello 0
        bridge_stp off

The XenU router config looks like this:

    kernel = "/boot/xen-linux-2.6.12.6-router-xenu"
    memory = 128
    name = "xenu-router"
    vif = [ 'bridge=br-ppp', 'mac=00:16:3E:00:13:01, bridge=xen-br0', 'mac=00:16:3E:00:12:01, bridge=br-dmz' ]
    disk = [ 'file:/home/xen/domains/xenu-router/disk.img,sda1,w','file:/home/xen/domains/xenu-router/swap.img,sda2,w']
    root = "/dev/sda1 ro"

So the XenU-router's eth0 is connected to br-ppp, eth1 is connected to xen-br0 and eth2 is connected to br-dmz.

I started the router and at first everything seemed to work fine. The pppoe connection could be established and I was able to access the internet from the router. As well could I access the internet from my notebook which is connected to my LAN. Everything seemed to be as normal.

I brought up another XenU domain which I connected to br-dmz. It was assigned an IP-address by the router's dhcp server. The strange thing was that I could establish a connection to the router, but not to the internet, not to the LAN and not to Xen0. As well was it not possible to establish a connection in the other direction (LAN -> dmz, internet -> dmz). But it was possible in both directions to ping machines and to use traceroute which told the correct routes.

I made another try and connected the XenU to xen-br0. This time it was possible to reach the XenU from the LAN via ssh. But it was still impossible to connect to the internet from the XenU. Finally I found out that Xen0 could not connect to the internet as well.

After a reboot I saw that vif1.0 was connected to br-dmz even though there was no XenU running. vif0.0 was connected to xen-br0 as usual. I have no clue why Xen connects that interface vif1.0 to br-dmz. The interface should be reserved for the first XenU that is started. But the first XenU to be started is assigned vif2.0. To make sure that this was not the cause of the problem, I created another bridge and let the router and the other XenU connect to this bridge instead of br-dmz. But the problems remained the same.

Does anyone know why such a situation can occur in this context where it is possible to ping and traceroute everywhere but any "real" connection cannot be established?

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
On Mon, Jan 30 '06 at 16:13, Harald Hetzner wrote:
> I'm running Xen 3.0 on Debian testing. I created two additional bridge
> interfaces and a XenU domain as router which I connected to all bridges.
> ... Even though I can ping and traceroute from
> one virtual network to another (even into the internet), it is not
> possible to get any other traffic from one network to another.

You must disable the TX offloading (ethtool -K eth0 tx off) on all network interfaces of your DomUs. While this offloading is supposed to work it does not work on any of my DomUs. :-(

With TX offloading disabled everything works as expected.

-- 
Goetz Bock (c) 2006 as blacknet.de - Munich - Germany   /"\
IT Consultant Creative Commons secure mobile Linux everNETting   \ /
X ASCII Ribbon Campaign
against HTML email & microsoft attachments   / \
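
The workaround from the reply above, applied to every interface of a DomU instead of eth0 only. This is an added example, not part of either post: it assumes ethtool is installed in the DomU and the script runs as root, and the function names and the "report"/"apply" arguments are made up for illustration.

```shell
#!/bin/sh
# Added example: report and disable TX checksum offload on all DomU interfaces.

# Read `ethtool -k <if>` output on stdin; print "on", "off" or "unknown".
tx_state() {
    awk -F': *' '
        $1 ~ /^[ \t]*tx-checksumming$/ { split($2, a, " "); s = a[1] }
        END { print (s == "" ? "unknown" : s) }'
}

# List interface names except loopback; $1 overrides /sys/class/net.
list_ifaces() {
    for p in "${1:-/sys/class/net}"/*; do
        [ -e "$p" ] || continue
        n=${p##*/}
        [ "$n" = "lo" ] || echo "$n"
    done
}

# $1 = "report": only show the state. $1 = "apply": also turn TX offload off.
fix_all() {
    for ifc in $(list_ifaces); do
        state=$(ethtool -k "$ifc" 2>/dev/null | tx_state)
        echo "$ifc: tx-checksumming $state"
        if [ "$state" = "on" ] && [ "$1" = "apply" ]; then
            # Same command as in the reply, per interface.
            ethtool -K "$ifc" tx off || echo "$ifc: could not change setting" >&2
        fi
    done
}

# Constructed sample of `ethtool -k eth0` output, to check the parser offline.
SAMPLE_ON='Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp segmentation offload: off'

# Nothing happens unless the script is called with "report" or "apply".
case "${1:-}" in
    report|apply) fix_all "$1" ;;
esac
```

A setting made with ethtool -K does not survive a reboot, so the "apply" run has to be repeated from a boot script inside each DomU.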