Xen users - Feb 2008 - REPOST - Debian Etch, XEN 3.2 PAE Routed Nat problem

Ok, installed debian 4 Etch, XEN 3.2 PAE, booted all fine setup 2 FreeBSD
domUs
followed the Routing and Nat guide precisely based on
http://wiki.kartbuilding.net/index.php/Xen_Networking

domUs 10.0.0.1 and 10.0.0.2 can see the dom0, 192.168.1.3 and the internet
route 192.168.1.1 fine
domUs can access dom0
domUs and dom0 can access internet
domUs cannot see each other. i can ssh from domUs to everything, except
another domU

subnets are 255.255.255.0 per the docs
gateways 10.0.0.254 per the docs

i did  notice all the MACs in the each of the domUs are

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.254         UGS         0        7    xn0
10.0.0.0/24        link#1             UC          0        0    xn0
10.0.0.2           fe:ff:ff:ff:ff:ff  UHLW        1      398    xn0    796
10.0.0.128         fe:ff:ff:ff:ff:ff  UHLW        1       96    xn0   1168
10.0.0.254         fe:ff:ff:ff:ff:ff  UHLW        2        0    xn0    766
127.0.0.1          127.0.0.1          UH          0        0    lo0


and in dom0

debian:/home/dingo# ifconfig

eth2      Link encap:Ethernet  HWaddr 00:13:ce:eb:e4:0b
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::213:ceff:feeb:e40b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1104 errors:0 dropped:1 overruns:0 frame:0
          TX packets:932 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:769734 (751.6 KiB)  TX bytes:101068 (98.6 KiB)
          Interrupt:18 Base address:0x2000 Memory:c0002000-c0002fff

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:800 (800.0 B)  TX bytes:800 (800.0 B)

vif1.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet addr:10.0.0.128  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:483 errors:0 dropped:0 overruns:0 frame:0
          TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43202 (42.1 KiB)  TX bytes:35079 (34.2 KiB)

vif2.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet addr:10.0.0.129  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:551 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:36130 (35.2 KiB)  TX bytes:53343 (52.0 KiB)

vif3.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff
          inet addr:10.0.0.130  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:372 (372.0 B)  TX bytes:1188 (1.1 KiB)

debian:/home/dingo# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH        0 0          0
vif1.0
10.0.0.3        0.0.0.0         255.255.255.255 UH        0 0          0
vif3.0
10.0.0.2        0.0.0.0         255.255.255.255 UH        0 0          0
vif2.0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0
eth2
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0
eth2

any insight ?


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, 29 Feb 2008 11:20:14 -0500, <outbackdingo@gmail.com>
wrote:
>
> Ok, installed debian 4 Etch, XEN 3.2 PAE, booted all fine setup 2 FreeBSD
> domUs
> followed the Routing and Nat guide precisely based on
> http://wiki.kartbuilding.net/index.php/Xen_Networking
>
> domUs 10.0.0.1 and 10.0.0.2 can see the dom0, 192.168.1.3 and the internet
> route 192.168.1.1 fine
> domUs can access dom0
> domUs and dom0 can access internet
> domUs cannot see each other. i can ssh from domUs to everything, except
> another domU
Working as expected.
>From the gentoo manual at http://www.gentoo.org/doc/en/xen-guide.xml
"When selecting the routed approach, the interface inside your
unpriviledged domain is connected to the virtual interface on your
administrative domain. On your administrative domain (domain 0), the
virtual interface is linked together with eth0. The interface inside
your unpriviledged domain should have an IP address on the same
network as the interface on the administrative domain. Any
communication to that IP address can only occur from the
administrative domain, unless you set up specific routing rules."

As I''m just bringing up a Xen and haven''t learned yet how the
devs
butchered normal routing rules to fit their virtualization concept,
I''m reluctant to suggest something. ''man route'' and
moving the DomU to
separate /24s are good ideas, a tool such as wireshark should provide
clues.

-- 
One of the strokes of genius from McCarthy was making lists
the center of the language - kt


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users