Matthias Wolf
2007-Feb-15 17:46 UTC
[Xen-users] Cannot setup domU as router between Inet, LAN and farm of virtual servers
Sorry if I have overlooked s.t., but I tried to search without success. What I want to do is: Hide the 2 PCI-interfaces from dom0 (no problem), use them in a domU (no problem), and add a virtual interface which should be enslaved to the bridge which connects all domUs. When I don''t set up any bridge-stuff (network-script network-bridge) and (vif-script vif-bridge) I receive a domU which acts as router between Internet and LAN (dom0 is invisible in that configuration, and itself can''t reach the Internet) Can anyone give me a hint, how I have to adapt the scripts as to receive that router? Thanks for all hints! Greetings from Vienna / Austria _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Jerry Amundson
2007-Feb-17 02:27 UTC
Re: [Xen-users] Cannot setup domU as router between Inet, LAN and farm of virtual servers
On 2/15/07, Matthias Wolf <matthias.wolf@wot.at> wrote:> What I want to do is: > > Hide the 2 PCI-interfaces from dom0 (no problem), use them in a domU (no > problem), and add a virtual interface which should be enslaved to the > bridge which connects all domUs."Hide", by definition, does not allow the "virtual" - the dom0 can''t make virtual what it can''t see....> When I don''t set up any bridge-stuff (network-script network-bridge) and > (vif-script vif-bridge) I receive a domU which acts as router between > Internet and LAN (dom0 is invisible in that configuration, and itself > can''t reach the Internet)Naturally.> Can anyone give me a hint, how I have to adapt the scripts as to receive > that router?First you should redesign the network configuration, maybe including a "dummy" virt-interface (dom0/domU''s only), or maybe one nic hidden, one bridge, but using iptables within the router-domU for net smarts, or a like variation... jerry -- "Pay no attention to that man behind the curtain!" _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Matthias Wolf
2007-Feb-17 14:49 UTC
Re: [Xen-users] Cannot setup domU as router between Inet, LAN and farm of virtual servers
Thanks, Jerry, what you''re proposing is exactly what I''m trying to do, but i simply can''t figure out, howt to modify the config-files or scripts, respectively. I read the users-manual as well as several networking-howtos and the wiki over and over again, but I seem to miss the very information I''m in need of. Any further hints? Regarding the network redesign: What I''m going to try next is *not* to hide the pci-interfaces from the dom0 but to create multiple bridges (e.g. brInet, brLan and brDmz) and to pass those into the domU which can then "route" between them. Bests Matthew p.S.: I don''t know if this is of any interest: To me is seems almost impossible to figure out *how* to configure more than one interface/bridge or whatever concerning the network. One only gets the information that one would have to adapt the network and the vif-scripts accordingly, but I can''t see how this has to be done. I''d gladly add that part, but I''m far too unsure of what I''m doing to dare. Maybe when I''m through this. Jerry Amundson schrieb:> On 2/15/07, Matthias Wolf <matthias.wolf@wot.at> wrote: >> What I want to do is: >> >> Hide the 2 PCI-interfaces from dom0 (no problem), use them in a domU (no >> problem), and add a virtual interface which should be enslaved to the >> bridge which connects all domUs. > > "Hide", by definition, does not allow the "virtual" - the dom0 can''t > make virtual what it can''t see.... > >> When I don''t set up any bridge-stuff (network-script network-bridge) and >> (vif-script vif-bridge) I receive a domU which acts as router between >> Internet and LAN (dom0 is invisible in that configuration, and itself >> can''t reach the Internet) > > Naturally. > >> Can anyone give me a hint, how I have to adapt the scripts as to receive >> that router? > > First you should redesign the network configuration, maybe including a > "dummy" virt-interface (dom0/domU''s only), or maybe one nic hidden, > one bridge, but using iptables within the router-domU for net smarts, > or a like variation... > > jerry > > -- > "Pay no attention to that man behind the curtain!"Matthias Wolf wolf office team /"\ B�ro-EDV-Systeme OEG tel: +43(1)892 45 76 \ / ASCII Ribbon Campaign Linke Wienzeile 236 mailto:office@wot.at X against HTML-email 1150 Wien http://www.wot.at / \ & vcards *********************************************************************** Lektor f. DB-Systeme an den FH des bfi Wien sowie St.P�lten _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users