Arjen Runsink
2006-Mar-04 09:20 UTC
[Xen-users] Xen 3.0 and a virtual net (brouter with masq) (Repost in plaintext)
Hi All,

My previous post accidentally made it to this list as a HTML text. This was unintentional. In the hope someone can still point me in the right direction for this, I am reposting my question.

I am trying to create the following configuration:

dom0:
 |---eth2 Masquerading interface to OUTSIDE
 |
 |---eth0 LAN:10.0.1.1/24
 |
 |---eth1 WLAN:10.0.2.1/24
 |
 |---xenbr0 DMZ:10.0.3.1/24
      |
      |-- vifX.0 -- eth0 of domU:10.0.3.2

I would like to do it this way because I will not be using xen all the time on this machine.

I created a network-virtual script which sets up the xenbr0 bridge and gives it an IP, analogous to how a brouting setup would be. The vif-bridge script is unchanged and used when a domU is started to attach its vif to it.

users on the LAN and WLAN are allowed to reach the DMZ and OUTSIDE
domU in the DMZ is allowed to reach OUTSIDE

This all works, except for one thing. The domU does not react to incoming packages for it. When I ping from a host on the LAN and run tcpdump on eth0 in the domU, I can see the icmp packages coming in like expected. But the domU just will not reply to them.

iptables were flushed etc. No messages in dmesg or /var/log/messages on the domU.

So maybe someone on this list might have an idea what setting might be the cause here?

BB,
Arjen

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Arjen Runsink
2006-Mar-11 10:31 UTC
Re: [Xen-users] Xen 3.0 and a virtual net (brouter with masq) (Repost in plaintext)
The issue has been resolved.

On Saturday 04 March 2006 10:20, Arjen Runsink wrote:
> I am trying to create the following configuration:
>
> dom0:
>  |---eth2 Masquerading interface to OUTSIDE
>  |
>  |---eth0 LAN:10.0.1.1/24
>  |
>  |---eth1 WLAN:10.0.2.1/24
>  |
>  |---xenbr0 DMZ:10.0.3.1/24
>       |
>       |-- vifX.0 -- eth0 of domU:10.0.3.2

It did not work because I forgot that suse 10 is very secure by default. Configuring the suse firewall changed all that.

For anyone interested, on this page I describe my configuration:
http://en.opensuse.org/Xen3_and_a_Virtual_Network

BB,
Arjen
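The forwarding policy stated in the original post (LAN and WLAN may reach the DMZ and OUTSIDE, the DMZ may reach OUTSIDE only), written out as plain iptables commands for dom0. This is an added example, not the poster's SuSEfirewall2 configuration: the interface names are from the post, while the rule set, the function names and the choice to flush the FORWARD chain are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's configuration.
# Interface names come from the post; the rule set itself is an assumption.
EXT_IF=eth2     # masquerading interface to OUTSIDE
LAN_IF=eth0     # LAN  10.0.1.0/24
WLAN_IF=eth1    # WLAN 10.0.2.0/24
DMZ_IF=xenbr0   # DMZ  10.0.3.0/24, the domU vifs attach to this bridge

# Permitted "in:out" pairs for NEW connections, from the post's policy:
# LAN and WLAN may reach DMZ and OUTSIDE, the DMZ may reach OUTSIDE only.
ALLOWED="$LAN_IF:$DMZ_IF $LAN_IF:$EXT_IF $WLAN_IF:$DMZ_IF $WLAN_IF:$EXT_IF $DMZ_IF:$EXT_IF"

# Print the iptables commands for dom0 (review them, then pipe to sh as root).
dmz_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to permitted flows, e.g. the domU's echo reply back to the LAN.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for pair in $ALLOWED; do
        in_if=${pair%%:*}
        out_if=${pair##*:}
        echo "iptables -A FORWARD -i $in_if -o $out_if -m state --state NEW -j ACCEPT"
    done
    # Log whatever falls through to the DROP policy, so blocked flows are visible.
    echo "iptables -A FORWARD -j LOG --log-prefix FWD-DROP:"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"
}

# Succeeds only if a NEW connection from interface $1 to interface $2 is permitted.
pair_allowed() {
    case " $ALLOWED " in
        *" $1:$2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

dmz_rules
```

With the LOG rule in place, a flow that the policy drops shows up in the dom0 kernel log with the FWD-DROP: prefix, which separates a dom0 filtering problem from one inside the domU.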
Andrej Radonic
2006-Mar-11 12:21 UTC
Re: [Xen-users] Xen 3.0 and a virtual net (brouter with masq) (Repost in plaintext)
Hello Arjen,

Arjen Runsink wrote:
> The issue has been resolved.
>
> On Saturday 04 March 2006 10:20, Arjen Runsink wrote:
>
>> I am trying to create the following configuration:
>>
>> dom0:
>>  |---eth2 Masquerading interface to OUTSIDE
>>  |
>>  |---eth0 LAN:10.0.1.1/24
>>  |
>>  |---eth1 WLAN:10.0.2.1/24
>>  |
>>  |---xenbr0 DMZ:10.0.3.1/24
>>       |
>>       |-- vifX.0 -- eth0 of domU:10.0.3.2
>
> It did not work because I forgot that suse 10 is very secure by default.
> Configuring the suse firewall changed all that.
>
> For anyone interested, on this page I describe my configuration:
> http://en.opensuse.org/Xen3_and_a_Virtual_Network

thank you for your helpful insights! There is, however, one small error in your text: in the section "Brouter Setup" the sentence "To accomplish this I use a special script to be started when xend is started, but the regular script for starting the domU's" just ends without being completed (to me anyway). But I am really wondering what you have to say here.

Thanks again,
Andrej
Arjen Runsink
2006-Mar-11 13:14 UTC
Re: [Xen-users] Xen 3.0 and a virtual net (brouter with masq) (Repost in plaintext)
Hi Andrej,

On Saturday 11 March 2006 13:21, Andrej Radonic wrote:
> thank you for your helpful insights! There is, however, one small error
> in your text: in the section "Brouter Setup" the sentence "To accomplish
> this I use a special script to be started when xend is started, but the
> regular script for starting the domU's" just ends without being
> completed (to me anyway). But I am really wondering what you have to say
> here.

Thanks for the proof reading ;)

"To accomplish this I use a special script to be started when xend is started, but still use the regular (bridging) script for starting the domU's."

BB,
Arjen