I am trying out my first xen-project. I have used Debian''s
xen-create-image to create a sarge image and I have a problem to get the
network going.
In the virtual machine (vmmail.sun.ac.za) I get the following:
sudo /etc/init.d/networking start
Setting up IP spoofing protection: rp_filter.
Configuring network interfaces...ifup: interface lo already configured
SIOCADDRT: Network is unreachable
Failed to bring up eth0.
done.
/etc/network/interfaces:
auto eth0
iface eth0 inet static
address 192.168.1.200
gateway 192.168.0.1
netmask 255.255.255.254
In dom0:
eth0 Link encap:Ethernet HWaddr 00:60:97:91:50:33
inet addr:146.232.129.117 Bcast:146.232.129.255 Mask:255.255.254.0
inet6 addr: fe80::260:97ff:fe91:5033/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55819725 errors:0 dropped:0 overruns:5 frame:0
TX packets:14835707 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:606540272 (578.4 MiB) TX bytes:3479501616 (3.2 GiB)
Interrupt:5 Base address:0xe400
eth1 Link encap:Ethernet HWaddr 00:60:08:0F:ED:A6
inet addr:192.168.0.1 Bcast:192.168.1.255 Mask:255.255.254.0
inet6 addr: fe80::260:8ff:fe0f:eda6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2214 (2.1 KiB) TX bytes:720 (720.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11416 errors:0 dropped:0 overruns:0 frame:0
TX packets:11416 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2720010 (2.5 MiB) TX bytes:2720010 (2.5 MiB)
peth1 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST NOARP MTU:1500 Metric:1
RX packets:766091 errors:0 dropped:0 overruns:0 frame:0
TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:51588542 (49.1 MiB) TX bytes:7908 (7.7 KiB)
Interrupt:11 Base address:0xe800
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:4426 errors:0 dropped:0 overruns:0 frame:0
TX packets:13492 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:337172 (329.2 KiB) TX bytes:936163 (914.2 KiB)
vif6.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:252 (252.0 b)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet addr:192.168.1.200 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:6362 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:204832 (200.0 KiB) TX bytes:0 (0.0 b)
% sudo netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 xenbr0
192.168.0.0 192.168.0.1 255.255.254.0 UG 0 0 0 eth1
192.168.0.0 * 255.255.254.0 U 0 0 0 eth1
146.232.128.0 * 255.255.254.0 U 0 0 0 eth0
default gigabit-router. 0.0.0.0 UG 0 0 0 eth0
In dom0:
% sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- vmmail anywhere PHYSDEV match
--physdev-in vif6.0
ACCEPT udp -- anywhere anywhere PHYSDEV match
--physdev-in vif6.0 udp spt:bootpc dpt:bootps
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I have been trying to get some sort of understanding but the solutions
offered on the internet is so different and confusing that I have no
idea on how forward.
I have seen on the xensource-wiki that ip-forwarding of the kernel
should be switched off. I do not really understand why. So I have
experimented with that also without seeing that it made any difference.
At the moment the configuration in /etc/sysctl.conf is:
net.ipv4.conf.default.forwarding=0
net/ipv4/ip_forward=0
Reading the Xen-manual I see about networking: "the default setup should
work out of the box" ...
Not for me!
I am just trying to get a basic setup going. In the end I want the
xen-machines to utilise both the private network as well as the public
one. And I want to set up shorewall in dom0 which I understand is not
that straight forward.
Any pointers that can help met to understand what is going on here will
be appreciated.
Regards
Johann
--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"Moreover if thy brother shall trespass against thee,
go and tell him his fault between thee and him alone;
if he shall hear thee, thou hast gained thy brother."
Matthew 18:15
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
On 11/14/06, Johann Spies <jspies@sun.ac.za> wrote:> I am trying out my first xen-project. I have used Debian''s > xen-create-image to create a sarge image and I have a problem to get the > network going. > > In the virtual machine (vmmail.sun.ac.za) I get the following: > > sudo /etc/init.d/networking start > Setting up IP spoofing protection: rp_filter. > Configuring network interfaces...ifup: interface lo already configured > SIOCADDRT: Network is unreachableLook at the networking scripts for domU (I don''t recall debian''s location at the moment). It looks like you have extra files for the same devices, e.g. lo, and that another is trying to add a gateway on a non-local network. jerry _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Johann, On 11/14/06, Johann Spies <jspies@sun.ac.za> wrote:> I am trying out my first xen-project. I have used Debian''s > xen-create-image to create a sarge image and I have a problem to get the > network going.All the output you sent is quite useless to diagnose your problem - please don''t send so much stuff if you don''t know what is needed. Please show us ifconfig eth0 in the domU and the vm config file section where the network card is configured. Which type of network script are you using? What do your logfiles say on dom0 and what is domU dmesg saying - does it report about any network cards? Henning _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hallo Henning, Thanks for answering.> All the output you sent is quite useless to diagnose your problem -At least the useless data helped someone else to point out a typo on my side concerning the netmask (255.255.255.254 in stead of 255.255.254.0). But that did not solve the problem. At least I can get eth0 running now.> please don''t send so much stuff if you don''t know what is needed.I will remember.> Please show us ifconfig eth0 in the domUeth0 Link encap:Ethernet HWaddr 00:16:3E:10:BE:13 inet addr:192.168.1.200 Bcast:192.168.1.255 Mask:255.255.254.0 inet6 addr: fe80::216:3eff:fe10:be13/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:19 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:1014 (1014.0 b)> and the vm config file section where the network card is configured.Is this what you are talking about (/etc/xen/vmmail.sun.ac.za.cfg in this case)? vif = [ ''ip=192.168.1.200'' ]> Which type of network script are you using?I do not understand your question, sorry.> What do your logfiles say on dom0 and what is domU dmesg saying - does > it report about any network cards?A tail of /var/log/messages on dom0: Nov 15 07:21:19 blackbird kernel: eth0: setting full-duplex. Nov 15 07:21:19 blackbird kernel: ACPI: PCI Interrupt 0000:00:0a.0[A] -> Link [LNKC] -> GSI 11 (level, low) -> IRQ 11 Nov 15 07:21:19 blackbird kernel: eth1: setting half-duplex. Nov 15 07:21:19 blackbird kernel: NET: Registered protocol family 10 Nov 15 07:21:19 blackbird kernel: lo: Disabled Privacy Extensions Nov 15 07:21:19 blackbird kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready Nov 15 07:21:19 blackbird kernel: IPv6 over IPv4 tunneling driver Nov 15 07:21:34 blackbird kernel: Bridge firewalling registered And on domU: Nov 15 05:00:15 vmmail kernel: NET: Registered protocol family 10 Nov 15 05:00:15 vmmail kernel: lo: Disabled Privacy Extensions Nov 15 05:00:15 vmmail kernel: IPv6 over IPv4 tunneling driver Nov 15 05:15:04 vmmail kernel: ip_tables: (C) 2000-2006 Netfilter Core Team Also on domU: $ dmesg | grep eth0 eth0: no IPv6 routers present Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "It is better to trust in the LORD than to put confidence in man." Psalms 118:8 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Tue, Nov 14, 2006 at 12:35:39PM -0600, Jerry Amundson wrote:> Look at the networking scripts for domU (I don''t recall debian''s > location at the moment).I suppose you refer to those in /etc/xen/scripts on dom0?> It looks like you have extra files for the > same devices, e.g. lo, and that another is trying to add a gateway on > a non-local network.My netmask was wrong (255.255.255.254 in stead of 255.255.254.0 as I intended). That could cause the refusal of the network service to bring up eth0 on domU. But I have corrected that now and eth0 is up - with no connection to the outside world... :( Regards Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "It is better to trust in the LORD than to put confidence in man." Psalms 118:8 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
HI Johann,> vif = [ ''ip=192.168.1.200'' ] > >> Which type of network script are you using? > > I do not understand your question, sorry.I do not know where this files reside on your box, but on my SuSE it is /etc/xen/scripts there you could find ''network-bridge'', vif-bridge, network-nat and others. and inside /etc/xen/xen-config-sxp is defined wich kind of ''network-script'' you use. If your using ''network-bridge try vif = [ ''mac=00:16:3E:10:BE:13'', ''ip=192.168.1.200'', ''bridge=xenbr0'' ] your domU''s nic should be attached to same bridge as eth0/peth0 of dom0 if you want bridged networking. hope this helps a bit. Christian ----------------------------------------- Diese E-Mail wurde durch SquirrelMail versandt "Webmail for nuts!" ----------------------------------------- Bereitgestellt fuer Kunden von Scorpio IT http://www.scorpio-it.net _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hallo Christian,> there you could find ''network-bridge'', vif-bridge, network-nat and others. > and inside /etc/xen/xen-config-sxp is defined wich kind of ''network-script'' > you use.OK. I have enabled network-bridge and vif-bridge. I have tried network-nat but I don''t know how to use it. Were do I read about these different configurations? Mosti (about all) of the documentation I have seen so far was about bridging.> If your using ''network-bridge > try > vif = [ ''mac=00:16:3E:10:BE:13'', ''ip=192.168.1.200'', ''bridge=xenbr0'' ] > > your domU''s nic should be attached to same bridge as eth0/peth0 of dom0 if > you want bridged networking.Thanks. The addition of ''bridge=xenbr0'' here brought about an improvement. Now I can ping Dom0 from DomU but not the other way round. It might be a routing problem. I have two network cards on dom0 and I cannot see that at this stage xenbr0 plays any role in the routing table on dom0. Regards. Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie, Universiteit van Stellenbosch "It is better to trust in the LORD than to put confidence in man." Psalms 118:8 _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
HI Johann,> OK. I have enabled network-bridge and vif-bridge. I have tried > network-nat but I don''t know how to use it.sorry never tested ''nat'', so I cannot say anything about it.> > Were do I read about these different configurations? Mosti (about all) of > the > documentation I have seen so far was about bridging.Try searching through mail-list-archive, wiki or just google around. ''shorewall'' http://www.shorewall.net/XenMyWay.html> Thanks. The addition of ''bridge=xenbr0'' here brought about an > improvement. Now I can ping Dom0 from DomU but not the other way round. > > It might be a routing problem. I have two network cards on dom0 and I > cannot see that at this stage xenbr0 plays any role in the routing table > on dom0.try `brctl show` to see which interfaces are connected to which bridge. hope that helps Christian ----------------------------------------- Diese E-Mail wurde durch SquirrelMail versandt "Webmail for nuts!" ----------------------------------------- Bereitgestellt fuer Kunden von Scorpio IT http://www.scorpio-it.net _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users