I have a second NIC that I would like to plug into the net directly and then bridge with a virtual interface in a dom-u. The virtual interface will be setup to dynamically acquire its IP (iso restriction) but I don''t want Dom-0 to have access to the net with the physical nic. Would I simply assign it 0.0.0.0 as an IP with a mask of 255.255.255.255 to accomplish this? Thanks! jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Joseph L. Casale wrote:> I have a second NIC that I would like to plug into the net directly and then > bridge with a virtual interface in a dom-u. The virtual interface will be > setup to dynamically acquire its IP (iso restriction) but I don''t want Dom-0 > to have access to the net with the physical nic. > > Would I simply assign it 0.0.0.0 as an IP with a mask of 255.255.255.255 to > accomplish this? > > Thanks! > jlcHi! A bridge is at layer two, while IP is on layer three. So there is no need to configure the IP layer at all to get bridging to work. Not even "0.0.0.0". BR /Martin _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
>Hi! > >A bridge is at layer two, while IP is on layer three. So there is no need to >configure the IP layer at all to get bridging to work. Not even "0.0.0.0". > >BR >/MartinHi, So what should the ethx scipt look like then? I assume it will autoconfigure it at boot if I don''t create a script with at least something? Thanks! jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Joseph L. Casale wrote:>> Hi! >> >> A bridge is at layer two, while IP is on layer three. So there is no need to >> configure the IP layer at all to get bridging to work. Not even "0.0.0.0". >> >> BR >> /Martin > > Hi, > So what should the ethx scipt look like then? I assume it will autoconfigure it at boot if I don''t create a script with at least something?Hi Joseph, I don''t know what distro you use, but I use Debian. In my dom0 the network config looks like this: # egrep -v "^(#|$)" /etc/network/interfaces auto lo iface lo inet loopback allow-hotplug eth0 iface eth0 inet static address 192.168.221.4 netmask 255.255.255.0 gateway 192.168.221.2 ... where eth0 is the inside interface. The outside interface eth1 isn''t even mentioned, since it doesn''t have to be configured. You can read more about it in a post I made a few days ago: <http://article.gmane.org/gmane.comp.emulators.xen.user/33926> ethx scripts are used in Redhat and friends, right? Someone more familiar to Redhat is more than welcome to chime in now. Good luck! /Martin Leben _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
I have a DomU firewall, running Astaro Security Gateway as a hvm. My base OS / dom0 is Centos 5.1. I have a total of four ports in the box now, two built in and two on a pci-e card. I have them all defined in /etc/sysconfig/network-scripts, but only eth0 has an ip address, or is set to come up at boot. The xend network scripts take care of bring up the other interfaces, clearing their mac addresses and adding them to bridges. # cat ifcfg-eth0 # Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.2.255 IPADDR=192.168.2.8 NETMASK=255.255.255.0 NETWORK=192.168.2.0 ONBOOT=yes # cat ifcfg-eth2 (also eth1 and eth3) # Intel Corporation 82571EB Gigabit Ethernet Controller DEVICE=eth2 ONBOOT=no BOOTPROTO=none The firewall is bound to 4 bridge devices, three physical interfaces and a fourth which is bound to a dummy interface. The fourth bridge (xenbr3) provides a DMZ for some of my virtual machines to network with. They have limited internet acccess and exposed ports, without having access to my internal lan. In the HVM, Astaro just sees four physical ethernet interfaces, it is oblivious to what''s going on behind the scenes. One interface connects directly to my cable modem, one to wireless access point, the third to my internat lan. Gordon _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Here''s my vif line: vif = [ "mac=00:16:3e:40:9b:8c,bridge=xenbr0,type=ioemu", "mac=00:16:3e:40:9b:8d,bridge=xenbr1,type=ioemu", "mac=00:16:3e:40:9b:8e,bridge=xenbr2,type=ioemu", "mac=00:16:3e:40:9b:8f,bridge=xenbr3,type=ioemu", ] I chose sequential mac addresses, for no reason in particular. Xend had assigned the first mac, so I just kept adding 1 to it. also under etc/xen/scripts, I created this script to setup the bridges - it only seems to work at boot, running the script after the system is booted yielded weird results for me # cat my-network-script #!/bin/sh dir=$(dirname "$0") "$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=xenbr0 "$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=xenbr1 "$dir/network-bridge" "$@" vifnum=2 netdev=eth2 bridge=xenbr2 "$dir/network-bridge" "$@" vifnum=3 netdev=dummy0 bridge=xenbr3 you also need to change /etc/xen/xend-config.sxp and tell it to run your script, instead of the default. Gordon On Sat, Apr 12, 2008 at 9:02 PM, Joseph L. Casale <jcasale@activenetwerx.com> wrote:> This is exactly my config, same OS etc. So in the hvm config, you dos something like this: > vif = [ ''type=ioemu, mac=<mac 1>, bridge=xenbr0'' , ''type=ioemu, mac=<mac 2>, bridge=xenbr2'' , ''etc...'' ] > > and then assume Astaro see''s 4 nics?_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
># cat ifcfg-eth0 ># Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) >DEVICE=eth0 >BOOTPROTO=static >BROADCAST=192.168.2.255 >IPADDR=192.168.2.8 >NETMASK=255.255.255.0 >NETWORK=192.168.2.0 >ONBOOT=yes > ># cat ifcfg-eth2 (also eth1 and eth3) ># Intel Corporation 82571EB Gigabit Ethernet Controller >DEVICE=eth2 >ONBOOT=no >BOOTPROTO=noneThis is exactly my config, same OS etc. So in the hvm config, you dos something like this: vif = [ ''type=ioemu, mac=<mac 1>, bridge=xenbr0'' , ''type=ioemu, mac=<mac 2>, bridge=xenbr2'' , ''etc...'' ] and then assume Astaro see''s 4 nics? Thanks a lot! jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
>also under etc/xen/scripts, I created this script to setup the bridges >- it only seems to work at boot, running the script after the system >is booted yielded weird results for me > ># cat my-network-script >#!/bin/sh >dir=$(dirname "$0") >"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=xenbr0 >"$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=xenbr1 >"$dir/network-bridge" "$@" vifnum=2 netdev=eth2 bridge=xenbr2 >"$dir/network-bridge" "$@" vifnum=3 netdev=dummy0 bridge=xenbr3 > >you also need to change /etc/xen/xend-config.sxp and tell it to run >your script, instead of the default.Gordon, What version of Xen are you using? I am using 3.2 and my original network script is significantly more complicated than this, are there any issues I face not using that existing script in my version? Also, I disabled libvirtd and pointed my vifs to eth0 as my bridge currently while I test and this is working well so far. Will your script work with that service disabled? Thanks for all your help! jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
The default script isn''t going anywhere ... the new script is just a ''wrapper'' of sorts, which calls the default script several times, once for each bridge. By default, xend just calls it once to setup br0. On Sat, Apr 12, 2008 at 11:51 PM, Joseph L. Casale <jcasale@activenetwerx.com> wrote:> >also under etc/xen/scripts, I created this script to setup the bridges > >- it only seems to work at boot, running the script after the system > >is booted yielded weird results for me > > > ># cat my-network-script > >#!/bin/sh > >dir=$(dirname "$0") > >"$dir/network-bridge" "$@" vifnum=0 netdev=eth0 bridge=xenbr0 > >"$dir/network-bridge" "$@" vifnum=1 netdev=eth1 bridge=xenbr1 > >"$dir/network-bridge" "$@" vifnum=2 netdev=eth2 bridge=xenbr2 > >"$dir/network-bridge" "$@" vifnum=3 netdev=dummy0 bridge=xenbr3 > > > >you also need to change /etc/xen/xend-config.sxp and tell it to run > >your script, instead of the default. > > Gordon, > What version of Xen are you using? I am using 3.2 and my original network script is significantly more complicated than this, are there any issues I face not using that existing script in my version? > > Also, I disabled libvirtd and pointed my vifs to eth0 as my bridge currently while I test and this is working well so far. Will your script work with that service disabled? > > Thanks for all your help! > jlc >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users