It depends on netmasks and, therefore, netmasks.

If your netmask for all these 192.168 systems is 255.255.0.0 then there's no need for routing at all.

You mentioned Xen-Bridge in the subject. It's a bridge, not a router. :-)

On Oct 15, 2006, at 2:59 AM, Gerhard Wendebourg wrote:

> after I was now successful with setting up my Xen-System, the question
> about the routing directed to the guest-systems:
>
> I have now the Dom-0 connected to the 192.168.0.0 (=> Inet), own IP
> 192.168.0.10 and the bridge and guests running on 192.168.1.0. My
> xenbridge runs on 192.168.1.1.
>
> If I now want to have one guest-domain, running on 192.168.1.22 to be
> reached by HTTP and SSH, how do I handle the forwarding coming to my
> Dom-0 at 192.168.0.10 to the Guest-domain at a specific port?

--
-- Tom Mornini, CTO
-- Engine Yard, Ruby on Rails Hosting
-- Reliability, Ease of Use, Scalability
-- (866) 518-YARD (9273)

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello,

after I was now successful with setting up my Xen-System, the question about the routing directed to the guest-systems:

I have now the Dom-0 connected to the 192.168.0.0 (=> Inet), own IP 192.168.0.10 and the bridge and guests running on 192.168.1.0. My xenbridge runs on 192.168.1.1.

If I now want to have one guest-domain, running on 192.168.1.22 to be reached by HTTP and SSH, how do I handle the forwarding coming to my Dom-0 at 192.168.0.10 to the Guest-domain at a specific port?

Thanks for replying.

GW

Is there any example-configuration, how to set up networking with a bridge, when my xen-system is located behind a router to the inet?

I'm now having the router with 192.168.0.1.

On my Xen 3.0 I have the bridge installed and thus eth0 and xenintbr running with the added vif's.

Which configuration might be assigned to the netdevices on the xen-system with the goal to enable the guests to make connections to the internet and also have a forwarding from outside to specific guests (relying on the port, that's questioned from outside)?

It seems to be a very standard solution, but I didn't find out, how to realize it, after trying several configurations on my guest-systems and the Dom-0.
What has been working was the connect between Dom-0 and guest and after configuring masquerading also connect from guest to the internet.
Also I found, that after altering the network of some guest it was stopping its work, even if setting to the initial config and rebooting.

But maybe there is some example-configuration, that may help to solve (while I'm still no networking-expert).

Thanks for replying.

GW

Tom Mornini wrote:

> It depends on netmasks and, therefore, netmasks.
>
> If your netmask for all these 192.168 systems is 255.255.0.0 then there's
> no need for routing at all.
>
> You mentioned Xen-Bridge in the subject. It's a bridge, not a router. :-)
>
> On Oct 15, 2006, at 2:59 AM, Gerhard Wendebourg wrote:
>
>> after I was now successful with setting up my Xen-System, the question
>> about the routing directed to the guest-systems:
>>
>> I have now the Dom-0 connected to the 192.168.0.0 (=> Inet), own IP
>> 192.168.0.10 and the bridge and guests running on 192.168.1.0. My
>> xenbridge runs on 192.168.1.1.
>>
>> If I now want to have one guest-domain, running on 192.168.1.22 to be
>> reached by HTTP and SSH, how do I handle the forwarding coming to my
>> Dom-0 at 192.168.0.10 to the Guest-domain at a specific port?
>
> --
> -- Tom Mornini, CTO
> -- Engine Yard, Ruby on Rails Hosting
> -- Reliability, Ease of Use, Scalability
> -- (866) 518-YARD (9273)

On 10/15/06 12:11, G.Wendebourg wrote:

> Is there any example-configuration, how to set up networking with a
> bridge, when my xen-system is located behind a router to the inet?
>
> I'm now having the router with 192.168.0.1.
>
> On my Xen 3.0 I have the bridge installed and thus eth0 and xenintbr
> running with the added vif's.
>
> Which configuration might be assigned to the netdevices on the xen-system
> with the goal to enable the guests to make connections to the internet
> and also have a forwarding from outside to specific guests (relying on
> the port, that's questioned from outside)?
>
> It seems to be a very standard solution, but I didn't find out, how to
> realize it, after trying several configurations on my guest-systems and
> the Dom-0.
> What has been working was the connect between Dom-0 and guest and after
> configuring masquerading also connect from guest to the internet.
> Also I found, that after altering the network of some guest it was
> stopping its work, even if setting to the initial config and rebooting.
>

Yes, I posted a patch called network-private to the xen-users list a week ago or so:

http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html

Note there is one line in the attachment that got wrapped... near the top

    mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}

needs to be one line.

I am convinced that most of the more complicated xen networking issues can be resolved using network-private. It creates a private network, and vif0 in dom0 is connected to it.

In your example, you use xen-private to create a private network between the dom0 and domUs. Then you can set dom0 up as a router same as any other router, forgetting about xen completely...

Use shorewall or do something like

    iptables -t nat -A PREROUTING -i eth0 -d ipaddr -p tcp --dport whatever -j DNAT --to localaddr
    iptables -t nat -A POSTROUTING -o eth0 -s localnetwork/24 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

and other rules in the FORWARD chain based on how you want to configure security...

Also, since you set these rules independent of XEN, and the configuration of the network is the SAME if xen is running or not running, these rules in iptables are not affected so will just timeout (or return "No route to host") if xen is not running. Starting and stopping doesn't change the network architecture.

John
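
Added example, not part of John's message or of the network-private patch: a script that prints the dom0 rules for the setup described in this thread (HTTP and SSH to the guest at 192.168.1.22), including the FORWARD-chain restrictions the reply leaves open. Using xenintbr as dom0's interface on the guest network and external port 2222 for the guest's SSH are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): prints iptables commands for dom0.
# Addresses come from the thread; INT_IF and the 2222 mapping are assumptions.
EXT_IF=eth0                # dom0 interface on the 192.168.0.0 side
INT_IF=xenintbr            # assumed: dom0 interface on the private guest network
DOM0_IP=192.168.0.10
GUEST_NET=192.168.1.0/24
# One mapping per word: external_port:guest_ip:guest_port
FORWARDS="80:192.168.1.22:80 2222:192.168.1.22:22"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_rules() {
    # Forwarded traffic is dropped unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Guests may open connections outward; they leave masqueraded as dom0.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $GUEST_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $GUEST_NET -j MASQUERADE"
    for m in $FORWARDS; do
        case "$m" in *:*:*) ;; *) echo "bad mapping: $m" >&2; return 1 ;; esac
        ext=${m%%:*}; rest=${m#*:}; gip=${rest%%:*}; gport=${rest#*:}
        if ! valid_port "$ext" || ! valid_port "$gport"; then
            echo "bad mapping: $m" >&2; return 1
        fi
        # DNAT rewrites the destination before routing, so the FORWARD rule
        # matches the guest address and guest port, not the external port.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $DOM0_IP -p tcp --dport $ext -j DNAT --to-destination $gip:$gport"
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $gip -p tcp --dport $gport -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Forwarding is switched on last, after the DROP policy is in place.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

gen_rules
```

Review the printed commands before running them as root on dom0; only the listed guest ports become reachable from the 192.168.0.0 side.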