Kevin Gill \(Newaddress\)
2006-Apr-12 10:20 UTC
[Xen-users] Network Configuration Needed - NAT plus 2 NICs
Hi, I need help configuring a second network interface in a NAT configuration with Xen 3.0.1. ** Background I have set up a server using Xen 3.0.1. I am using Amd64 bit version of Ubuntu. I have a dom0 and 3 domU''s, for apache (10.0.0.1), application server (10.0.0.2) and database server (10.0.0.3). I have a NAT setup. I am forwarding port 80 and 443 to the apache dom, and database and cvs pserver requests to the database server. All worked excellently out of the box. ** Problem My Server has: Primary Interface eth0, ip address 217.114.173.143 Secondary Interface eth1, ip address 10.0.1.3 The dom0 domain can use both interfaces, and traffic coming in on 10.0.1.3 is correctly forwarded to the appropriate server (IP TABLES / NAT). The domU''s are configured to use the primary interface, eth0. From looking at the Xen Networking document, http://wiki.xensource.com/xenwiki/XenNetworking it appears that I have to configure two virtual network interfaces in the domU''s. However, the documentation seems to be for bridging. I do not know how to set up a NAT configuration with two interfaces. My difficulty is in setting up the vif''s on eth1. I presume that once they are setup, mapping them into the domU''s is simply a matter modifying the xen configurations. If anyone has a working setup using dual NICs and NAT on Xen 3.0.1, can you please send me your network-nat, vif-nat and any other configuration changes I will need. Alternatively, I could have got this completely wrong and I may have to modify my IPTABLES configuration instead. If this is the case, again please let me know. Thanks in advance, Kevin Gill ************************************************************************************************** The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. ** eSafe scanned this email for viruses, vandals and malicious content. ** ************************************************************************************************** _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Yura Pismerov
2006-Apr-12 18:54 UTC
Re: [Xen-users] Network Configuration Needed - NAT plus 2 NICs
For what it worth.... In similar setup (one NIC on public, the 2nd one on private network along with domU''s) I had better success with routed Xen networking config (vif-route). For some reason, neither bridged nor nat setups worked for me. Here is what I use in xen config file (my internal network is on eth1, so it requires explicit definition of netdev). (network-script network-route) (vif-script ''vif-route netdev=eth1'') Also, if you have internal network segment and you want the domU IPs visible on it you will need: echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp Hope this helps. Kevin Gill (Newaddress) wrote:> Hi, > > I need help configuring a second network interface in a NAT > configuration with Xen 3.0.1. > > ** Background > > I have set up a server using Xen 3.0.1. I am using Amd64 bit version of > Ubuntu. I have a dom0 and 3 domU''s, for apache (10.0.0.1), application > server (10.0.0.2) and database server (10.0.0.3). > > I have a NAT setup. I am forwarding port 80 and 443 to the apache dom, > and database and cvs pserver requests to the database server. > > All worked excellently out of the box. > > ** Problem > > My Server has: > Primary Interface eth0, ip address 217.114.173.143 > Secondary Interface eth1, ip address 10.0.1.3 > > The dom0 domain can use both interfaces, and traffic coming in on > 10.0.1.3 is correctly forwarded to the appropriate server (IP TABLES / > NAT). > > The domU''s are configured to use the primary interface, eth0. From > looking at the Xen Networking document, > http://wiki.xensource.com/xenwiki/XenNetworking it appears that I have > to configure two virtual network interfaces in the domU''s. However, the > documentation seems to be for bridging. I do not know how to set up a > NAT configuration with two interfaces. > > My difficulty is in setting up the vif''s on eth1. I presume that once > they are setup, mapping them into the domU''s is simply a matter > modifying the xen configurations. > > If anyone has a working setup using dual NICs and NAT on Xen 3.0.1, can > you please send me your network-nat, vif-nat and any other configuration > changes I will need. > > Alternatively, I could have got this completely wrong and I may have to > modify my IPTABLES configuration instead. If this is the case, again > please let me know. > > Thanks in advance, > > > Kevin Gill > ************************************************************************************************** > The contents of this email and any attachments are confidential. > They are intended for the named recipient(s) only. > If you have received this email in error please notify the system manager or the > sender immediately and do not disclose the contents to anyone or make copies. > > ** eSafe scanned this email for viruses, vandals and malicious content. ** > ************************************************************************************************** > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- Yuri Pismerov, System Administrator Armor Technologies (Canada) Inc. P: 905 305 1946 (x.3519) http://www.armorware.net Privacy Protection Guaranteed! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Kevin Gill \(Newaddress\)
2006-Apr-13 08:38 UTC
RE: [Xen-users] Network Configuration Needed - NAT plus 2 NICs
Thanks for the response. I will try it out. Kevin -----Original Message----- From: Yura Pismerov [mailto:y.pismerov@armorware.net] Sent: 12 April 2006 19:54 To: Kevin Gill (Newaddress) Cc: xen-users@lists.xensource.com. Subject: Re: [Xen-users] Network Configuration Needed - NAT plus 2 NICs For what it worth.... In similar setup (one NIC on public, the 2nd one on private network along with domU''s) I had better success with routed Xen networking config (vif-route). For some reason, neither bridged nor nat setups worked for me. Here is what I use in xen config file (my internal network is on eth1, so it requires explicit definition of netdev). (network-script network-route) (vif-script ''vif-route netdev=eth1'') Also, if you have internal network segment and you want the domU IPs visible on it you will need: echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp Hope this helps. Kevin Gill (Newaddress) wrote:> Hi, > > I need help configuring a second network interface in a NAT > configuration with Xen 3.0.1. > > ** Background > > I have set up a server using Xen 3.0.1. I am using Amd64 bit versionof> Ubuntu. I have a dom0 and 3 domU''s, for apache (10.0.0.1), application > server (10.0.0.2) and database server (10.0.0.3). > > I have a NAT setup. I am forwarding port 80 and 443 to the apache dom, > and database and cvs pserver requests to the database server. > > All worked excellently out of the box. > > ** Problem > > My Server has: > Primary Interface eth0, ip address 217.114.173.143 > Secondary Interface eth1, ip address 10.0.1.3 > > The dom0 domain can use both interfaces, and traffic coming in on > 10.0.1.3 is correctly forwarded to the appropriate server (IP TABLES / > NAT). > > The domU''s are configured to use the primary interface, eth0. From > looking at the Xen Networking document, > http://wiki.xensource.com/xenwiki/XenNetworking it appears that I have > to configure two virtual network interfaces in the domU''s. However,the> documentation seems to be for bridging. I do not know how to set up a > NAT configuration with two interfaces. > > My difficulty is in setting up the vif''s on eth1. I presume that once > they are setup, mapping them into the domU''s is simply a matter > modifying the xen configurations. > > If anyone has a working setup using dual NICs and NAT on Xen 3.0.1,can> you please send me your network-nat, vif-nat and any otherconfiguration> changes I will need. > > Alternatively, I could have got this completely wrong and I may haveto> modify my IPTABLES configuration instead. If this is the case, again > please let me know. > > Thanks in advance, > > > Kevin Gill >************************************************************************ **************************> The contents of this email and any attachments are confidential. > They are intended for the named recipient(s) only. > If you have received this email in error please notify the systemmanager or the> sender immediately and do not disclose the contents to anyone or makecopies.> > ** eSafe scanned this email for viruses, vandals and maliciouscontent. **>************************************************************************ **************************> > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- Yuri Pismerov, System Administrator Armor Technologies (Canada) Inc. P: 905 305 1946 (x.3519) http://www.armorware.net Privacy Protection Guaranteed! ************************************************************************************************** The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. ** eSafe scanned this email for viruses, vandals and malicious content. ** ************************************************************************************************** _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users