Hi,

I use an EQ 4 dedicated root server by hetzner with ubuntu jaunty. I
installed xen 3.3 with debian kernel and brought up 3 domUs.
Now comes networking...
Hetzner does not allow bridged networking so I have to use routed mode in
xen. No problem so far, but the problem actually is:
When I bring up a domU the routing table is created by the xen-script
vif-routing. The network interface name for this is created dynamically,
depending on the domU ID.

Example:
If the domU ID is 16, the network interface's name will be vif16.0 in the
dom0. So I tell shorewall (iptables frontend) that it shall ACCEPT traffic
from and to vif16.0. The next time I restart my server or just the domU,
there's a new network interface name that the shorewall firewall does not
know...

As far as I know there's no way to tell a xen domU to get a static ID, so
the network interface name would be static as well.
Any ideas or solutions?

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Tue, Jan 05, 2010 at 02:29:23PM +0100, Info - csdemmer wrote:
> Hi,
>
> I use an EQ 4 dedicated root server by hetzner with ubuntu jaunty. I
> installed xen 3.3 with debian kernel and brought up 3 domUs.
> Now comes networking...
> Hetzner does not allow bridged networking so I have to use routed mode in
> xen. No problem so far, but the problem actually is:
> When I bring up a domU the routing table is created by the xen-script
> vif-routing. The network interface name for this is created dynamically,
> depending on the domU ID.
>
> Example:
> If the domU ID is 16, the network interface's name will be vif16.0 in the
> dom0. So I tell shorewall (iptables frontend) that it shall ACCEPT traffic
> from and to vif16.0. The next time I restart my server or just the domU,
> there's a new network interface name that the shorewall firewall does not
> know...
>
> As far as I know there's no way to tell a xen domU to get a static ID, so
> the network interface name would be static as well.
> Any ideas or solutions?

Yes, the Xen domain IDs are always dynamic.

You can configure Xen to assign static vif names for each guest using the
"vifname=" option on the vif line in the /etc/xen/<guest> cfgfile.

See "xm create --help_config" for more information.

Another option is to parse the guest ID from, for example, "xm list" and
use that in your firewall script to create the vif name.

-- Pasi

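Added example (not part of the thread and not Xen project code): the second option above, deriving the dom0 vif name from the domain ID in "xm list" output, as a shell function a firewall script could call. The function name vif_for_domain and the sample listing are constructed for illustration, and the six-column "xm list" layout (Name, ID, Mem, VCPUs, State, Time) is an assumption.

```shell
#!/bin/sh
# Added example: map a guest name to its dom0 vif name (vif<ID>.<index>)
# by reading `xm list` text, so firewall rules can follow the dynamic ID.

# Constructed sample of `xm list` output (not taken from the thread).
sample_xm_list() {
cat <<'EOF'
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     2     r-----    512.3
web                                         16   512     1     -b----     40.1
mail                                        17   512     1     -b----     12.7
EOF
}

# vif_for_domain NAME [DEVICE_INDEX]
# Reads `xm list` text on stdin and prints vif<ID>.<index> for guest NAME.
# Exits non-zero when NAME is not a running guest, so the caller can
# refuse to install an ACCEPT rule for an interface that does not exist.
vif_for_domain() {
    awk -v name="$1" -v idx="${2:-0}" '
        NR == 1 { next }                          # skip the header row
        # Assumed layout: 6 columns; a guest has a numeric ID above 0
        # (ID 0 is dom0 itself and has no guest vif).
        NF == 6 && $1 == name && $2 ~ /^[0-9]+$/ && $2 > 0 {
            printf "vif%s.%s\n", $2, idx
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# On a live dom0 the input would come from the real command, e.g.:
#   IFACE=$(xm list | vif_for_domain web) || exit 1
# Demo on the constructed sample:
sample_xm_list | vif_for_domain web
```

The lookup has to be repeated whenever the domU restarts, because the ID and therefore the vif name change; the "vifname=" option avoids that.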
Pasi Kärkkäinen wrote:
> Another option is to parse the guest ID from for example "xm list" and
> use that in your firewall script to create the vif name.
>

I will recommend Xen commands for that. Like this:

# for dev in $(xm network-list <xen-vhost> | awk '/^[0-9]+/ {print $9}'); do xenstore-read $dev/vifname; done

But it is much easier to use the vifname configuration option...

--
Peter Viskup

Hi csdemmer,

On Tuesday, 05.01.2010, at 14:29 +0100, Info - csdemmer wrote:
> Hi,
>
> I use an EQ 4 dedicated root server by hetzner with ubuntu jaunty. I
> installed xen 3.3 with debian kernel and brought up 3 domUs.
> Now comes networking...
> Hetzner does not allow bridged networking so I have to use routed mode
> in xen. No problem so far, but the problem actually is:
> When I bring up a domU the routing table is created by the xen-script
> vif-routing. The network interface name for this is created
> dynamically, depending on the domU ID.

I'm just assigning one ip of the subnet to dom0, that acts as router....

# cat /etc/xen/scripts/network-hetzner
---
#!/bin/bash
#
# This xen-network-scripts fires up the internal and external bridges,
# and finally activates routing in dom0
#
#
# thohal, 14.01.09
#
######

#
# fire up internal bridge for openqrm
# ...
# .... some magic secrets in here :-)
# ...
# fire up external bridge public access
# xx.yy.zz.16/27
# usable ips: xx.yy.zz.161 - xx.yy.zz.190

brctl addbr xen-public
ifconfig xen-public xx.yy.zz.65 netmask 255.255.255.224 up

#
# finally activate routing and let dom0 act as a router
#
#

echo 1 > /proc/sys/net/ipv4/ip_forward

make it executable (chmod +x), configure it in /etc/xen/xend-config.sxp
and restart xend...

>
> Example:
> If the domU ID is 16, the network interface's name will be vif16.0 in
> the dom0. So I tell shorewall (iptables frontend) that it shall ACCEPT
> traffic from and to vif16.0. The next time I restart my server or just
> the domU, there's a new network interface name that the shorewall
> firewall does not know...
>
> As far as I know there's no way to tell a xen domU to get a static ID,
> so the network interface name would be static as well.
> Any ideas or solutions?

hth,

thomas

Hi again,

another approach is here:
http://www.howtoforge.com/how-to-enable-networking-in-xen-guests-on-hetzners-new-eq-servers-debian-lenny

hth,
thomas

On Wednesday, 06.01.2010, at 14:11 +0100, Thomas Halinka wrote:
> Hi csdemmer,
>
> On Tuesday, 05.01.2010, at 14:29 +0100, Info - csdemmer wrote:
> > Hi,
> >
> > I use an EQ 4 dedicated root server by hetzner with ubuntu jaunty. I
> > installed xen 3.3 with debian kernel and brought up 3 domUs.
> > Now comes networking...
> > Hetzner does not allow bridged networking so I have to use routed mode
> > in xen. No problem so far, but the problem actually is:
> > When I bring up a domU the routing table is created by the xen-script
> > vif-routing. The network interface name for this is created
> > dynamically, depending on the domU ID.
>
> I'm just assigning one ip of the subnet to dom0, that acts as router....
>
> # cat /etc/xen/scripts/network-hetzner
> ---
> #!/bin/bash
> #
> # This xen-network-scripts fires up the internal and external bridges,
> # and finally activates routing in dom0
> #
> #
> # thohal, 14.01.09
> #
> ######
>
> #
> # fire up internal bridge for openqrm
> # ...
> # .... some magic secrets in here :-)
> # ...
> # fire up external bridge public access
> # xx.yy.zz.16/27
> # usable ips: xx.yy.zz.161 - xx.yy.zz.190
>
> brctl addbr xen-public
> ifconfig xen-public xx.yy.zz.65 netmask 255.255.255.224 up
>
>
> #
> # finally activate routing and let dom0 act as a router
> #
> #
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> make it executable (chmod +x), configure it in /etc/xen/xend-config.sxp
> and restart xend...
>
> >
> > Example:
> > If the domU ID is 16, the network interface's name will be vif16.0 in
> > the dom0. So I tell shorewall (iptables frontend) that it shall ACCEPT
> > traffic from and to vif16.0. The next time I restart my server or just
> > the domU, there's a new network interface name that the shorewall
> > firewall does not know...
> >
> > As far as I know there's no way to tell a xen domU to get a static ID,
> > so the network interface name would be static as well.
> > Any ideas or solutions?
>
> hth,
>
> thomas