Xen users - Aug 2006 - Can''t get internet access from domU (dom0: debian unstable, domU: debian sarge)

hi,

	I have tried various combination with no success.
I have a wifi card that has eth2 device with the real ip assigned by a
dhcp server of my wifi router.

I''m able to config an ip in domU, ping the bridge, ping the ip of the
real
ethernet card, but no ping to the router/internet

My xen-enabled kernel creates xenbr0 bridge, so my config is
/etc/xen/xend-config.sxp

(loglevel DEBUG)

(xend-http-server yes)
(xend-unix-server yes)

(xend-relocation-server yes)
(xend-port            8000)
(xend-address ''localhost'')
(xend-relocation-hosts-allow ''^localhost$'')
(network-script network-bridge)
(vif-script vif-bridge)
(dom0-min-mem 196)
(dom0-cpus 0)

my domU config is /etc/xen/sarge:

kernel = "/boot/vmlinuz-2.6-xen"
builder=''linux''
memory = 32
name = "sarge0"
cpus = ""         # leave to Xen to pick
vcpus = 1
hostname = "sarge"
disk = [ ''file:/home/xen/domains/sarge/disk.img,sda1,w'',
''file:/home/xen/domains/sarge/swap.img,sda2,w'']
root = "/dev/sda1 ro"
extra = "4"

vif=[ ''bridge=xenbr0,ip=192.168.182.11'' ]
dhcp="off"

I have installed iproute and bridge-utils, but the network-bridge script says:

Link veth0 is missing.
This may be because you have reached the limit of the number of interfaces
that the loopback driver supports.  If the loopback driver is a module, you
may raise this limit by passing it as a parameter (nloopbacks=<N>); if the
driver is compiled statically into the kernel, then you may set the parameter
using loopback.nloopbacks=<N> on the domain 0 kernel command line.

and ip link show says:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: vif0.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:01:4a:bf:21:98 brd ff:ff:ff:ff:ff:ff
4: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
5: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
7: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
10: vif0.4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: veth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
12: vif0.5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
13: veth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
14: vif0.6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
15: veth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: vif0.7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
17: veth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
18: peth0: <NO-CARRIER,BROADCAST,MULTICAST,NOARP,UP> mtu 1500 qdisc
pfifo_fast qlen 1000
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
19: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ieee1394 08:00:46:03:00:f1:2d:d5 brd ff:ff:ff:ff:ff:ff:ff:ff
20: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:13:ce:4b:b8:e7 brd ff:ff:ff:ff:ff:ff
21: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
22: xenbr0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:13:ce:4b:b8:e7 brd ff:ff:ff:ff:ff:ff
34: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noqueue
    link/ether 5a:bb:c1:80:d1:88 brd ff:ff:ff:ff:ff:ff

so there isn''t a veth0 device, onlyh veth[1-7]

TIA,
Marco

-- 
 ,= ,-_-. =.  ------------------------------------------------------- +
((_/)o o(\_)) jabber:kpanic@jabber.linux.it/msn:kpanic@muppetslab.org |
 `-''(. .)`-                #muppetslab@irc.freenode.net               |
     \_/		    If it works, it''s obsolete                |

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 8/16/06, Marco Milanesi <kpanic@muppetslab.org>
wrote:
> hi,
>
>         I have tried various combination with no success.
> I have a wifi card that has eth2 device with the real ip assigned by a
> dhcp server of my wifi router.
>
> I''m able to config an ip in domU, ping the bridge, ping the ip of
the real
> ethernet card, but no ping to the router/internet
>
> My xen-enabled kernel creates xenbr0 bridge, so my config is
/etc/xen/xend-config.sxp
>
> (loglevel DEBUG)
>
> (xend-http-server yes)
> (xend-unix-server yes)
>
> (xend-relocation-server yes)
> (xend-port            8000)
> (xend-address ''localhost'')
> (xend-relocation-hosts-allow ''^localhost$'')
> (network-script network-bridge)
> (vif-script vif-bridge)
Try to use network-nat and vif-nat. Check this document:
http://www.howtoforge.com/perfect_setup_xen3_debian_p6

Works perfect for me.
> (dom0-min-mem 196)
> (dom0-cpus 0)
>
> my domU config is /etc/xen/sarge:
>
> kernel = "/boot/vmlinuz-2.6-xen"
> builder=''linux''
> memory = 32
> name = "sarge0"
> cpus = ""         # leave to Xen to pick
> vcpus = 1
> hostname = "sarge"
> disk = [ ''file:/home/xen/domains/sarge/disk.img,sda1,w'',
''file:/home/xen/domains/sarge/swap.img,sda2,w'']
> root = "/dev/sda1 ro"
> extra = "4"
>
> vif=[ ''bridge=xenbr0,ip=192.168.182.11'' ]
> dhcp="off"
>
> I have installed iproute and bridge-utils, but the network-bridge script
says:
>
> Link veth0 is missing.
> This may be because you have reached the limit of the number of interfaces
> that the loopback driver supports.  If the loopback driver is a module, you
> may raise this limit by passing it as a parameter (nloopbacks=<N>);
if the
> driver is compiled statically into the kernel, then you may set the
parameter
> using loopback.nloopbacks=<N> on the domain 0 kernel command line.
>
> and ip link show says:
>
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: vif0.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:01:4a:bf:21:98 brd ff:ff:ff:ff:ff:ff
> 4: vif0.1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 5: veth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 6: vif0.2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 7: veth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 8: vif0.3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 9: veth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 10: vif0.4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 11: veth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 12: vif0.5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 13: veth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 14: vif0.6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 15: veth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 16: vif0.7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 17: veth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 18: peth0: <NO-CARRIER,BROADCAST,MULTICAST,NOARP,UP> mtu 1500 qdisc
pfifo_fast qlen 1000
>     link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
> 19: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
>     link/ieee1394 08:00:46:03:00:f1:2d:d5 brd ff:ff:ff:ff:ff:ff:ff:ff
> 20: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen
1000
>     link/ether 00:13:ce:4b:b8:e7 brd ff:ff:ff:ff:ff:ff
> 21: sit0: <NOARP> mtu 1480 qdisc noop
>     link/sit 0.0.0.0 brd 0.0.0.0
> 22: xenbr0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>     link/ether 00:13:ce:4b:b8:e7 brd ff:ff:ff:ff:ff:ff
> 34: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noqueue
>     link/ether 5a:bb:c1:80:d1:88 brd ff:ff:ff:ff:ff:ff
>
> so there isn''t a veth0 device, onlyh veth[1-7]
>
> TIA,
> Marco
>
> --
>  ,= ,-_-. =.  ------------------------------------------------------- +
> ((_/)o o(\_)) jabber:kpanic@jabber.linux.it/msn:kpanic@muppetslab.org |
>  `-''(. .)`-                #muppetslab@irc.freenode.net           
|
>      \_/                    If it works, it''s obsolete            
|
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> Try to use network-nat and vif-nat. Check this document:
> http://www.howtoforge.com/perfect_setup_xen3_debian_p6
> Works perfect for me.
yeah, but I need to reach also the ''natted'' network from
outside, any
ideas?

ciao,
Marco

-- 
 ,= ,-_-. =.  ------------------------------------------------------- +
((_/)o o(\_)) jabber:kpanic@jabber.linux.it/msn:kpanic@muppetslab.org |
 `-''(. .)`-                #muppetslab@irc.freenode.net               |
     \_/		    If it works, it''s obsolete                |

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 8/16/06, Marco Milanesi <kpanic@muppetslab.org>
wrote:
> > Try to use network-nat and vif-nat. Check this document:
> > http://www.howtoforge.com/perfect_setup_xen3_debian_p6
> > Works perfect for me.
>
> yeah, but I need to reach also the ''natted'' network from
outside, any
> ideas?
>
Do you need to have access to all ports on all DomUs? That will be
impossible. To configure access to some particular services (WWW for
example) use DNAT iptables feature in Dom0. Examples are in that
document.
> ciao,
> Marco
>
> --
>  ,= ,-_-. =.  ------------------------------------------------------- +
> ((_/)o o(\_)) jabber:kpanic@jabber.linux.it/msn:kpanic@muppetslab.org |
>  `-''(. .)`-                #muppetslab@irc.freenode.net           
|
>      \_/                    If it works, it''s obsolete            
|
>
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users