I have a little strange problem.

I have two interfaces, eth0 and eth1, on dom0; eth1 is private.

On dom0 I don't want to allocate an IP on eth0 but want domUs to use it as a bridge with IPs.

Does it make sense? Any suggestion?

--
Regards

Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology, Sweden
+46 8 790 9115

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

What you are describing sounds similar to what Eucalyptus cloud system does with managed networks, but they are doing it all on the private network side with a "VLAN-Clean" network. I think that if eth0 is your link to the outside world you have to have an IP on it, but I might be wrong.

Steve Timm

On Wed, 16 Feb 2011, Zeeshan Ali Shah wrote:
> I have a little strange problem.
>
> I have two interfaces, eth0 and eth1, on dom0; eth1 is private.
>
> On dom0 I don't want to allocate an IP on eth0 but want domUs to use it as a bridge
> with IPs.
>
> Does it make sense? Any suggestion?

--
------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
timm@fnal.gov http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Group Leader.
Lead of FermiCloud project.

On 16/02/11 15:29, Zeeshan Ali Shah wrote:
> I have a little strange problem.
>
> I have two interfaces, eth0 and eth1, on dom0; eth1 is private.
>
> On dom0 I don't want to allocate an IP on eth0 but want domUs to use it as
> a bridge with IPs.
>
> Does it make sense? Any suggestion?

This makes perfect sense. Just don't give eth0 or your bridge interface an IP. Sorted.

Since bridging is Layer-2, your DomUs can still have an IP and send traffic out via eth0.

On 16/02/11 15:58, Zeeshan Ali Shah wrote:
> You mean simply remove an IP from eth0? ifcfg-eth0 for example?
>
> Zeeshan

Yes. Make sure that DHCP is off. And also make sure that your bridge won't get an IP either.

You could also go a couple of steps further by using iptables to protect your setup (e.g. iptables -I INPUT -i eth0 -j DROP) and maybe even ebtables.

On Wed, Feb 16, 2011 at 8:59 PM, Zeeshan Ali Shah <zashah@pdc.kth.se> wrote:
> I have a little strange problem.
>
> I have two interfaces, eth0 and eth1, on dom0; eth1 is private.
>
> On dom0 I don't want to allocate an IP on eth0 but want domUs to use it as
> a bridge with IPs.
>
> Does it make sense? Any suggestion?
>
> --

It very well makes sense, as other people have pointed out. I also want to say: use a GUI, virt-manager, for this; that way you will save yourself a lot of time.
I have a correctly configured bridge which looks like this:

auto lo
iface lo inet loopback

# The primary network interface
auto eth2
iface eth2 inet manual

auto br0
iface br0 inet static
    address 192.168.1.14
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.10
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 192.168.13.2
    dns-search myserver.net
    bridge_ports eth2
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

If you note in the above output, I am using eth2, i.e. the third LAN card, in my bridge. I believe that if I want to use my other LAN cards, then in the lines where I mention

auto eth2
iface eth2 inet manual

I will replace the word manual by static (or whatever is relevant) and then write the rest of the configuration.
I recommend this page to understand what the words inet manual in the above line refer to:
http://manpages.ubuntu.com/manpages/lucid/man5/interfaces.5.html

Make sure you do not bring the other LAN card into this bridge so as to be a part of your private network.

--
http://mightydreams.blogspot.com

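Added example (not part of any post in this thread): a Python check over Debian-style interfaces(5) text that reports every stanza for a bridge or its bridge_ports whose method is anything other than manual, i.e. the settings that would put a dom0 address on the guest-facing segment. The names br0/eth0 and both sample configs are constructed for illustration.

```python
# Added example: find stanzas that would give dom0 an address on a bridge.

def parse_stanzas(text):
    """Map (iface, family) -> {"method": str, "options": {name: [values]}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue                      # blank line or comment
        if words[0] == "iface" and len(words) >= 4:
            current = {"method": words[3], "options": {}}
            stanzas[(words[1], words[2])] = current
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None                # these lines end the iface stanza
        elif current is not None:
            current["options"][words[0]] = words[1:]
    return stanzas

def audit_bridge(text, bridge):
    """Return sorted (iface, family, method) tuples whose method is not manual."""
    stanzas = parse_stanzas(text)
    watched = {bridge}                    # the bridge itself plus its ports
    for (name, _family), stanza in stanzas.items():
        if name == bridge:
            watched.update(stanza["options"].get("bridge_ports", []))
    return sorted((name, family, s["method"])
                  for (name, family), s in stanzas.items()
                  if name in watched and s["method"] != "manual")

# Constructed sample: bridge and port are both "manual", so dom0 has no address.
NO_IP = """
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet manual
    bridge_ports eth0
    bridge_stp off
"""

# Constructed sample: same layout, but the bridge is given a static address.
WITH_IP = NO_IP.replace("iface br0 inet manual",
                        "iface br0 inet static\n    address 192.168.1.14")

if __name__ == "__main__":
    for label, cfg in (("NO_IP", NO_IP), ("WITH_IP", WITH_IP)):
        print(label, audit_bridge(cfg, "br0") or "no address configured")
```
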
Thanks a lot, I really admire how active the xen user list is. I will try and update later.

BR

Zeeshan

On 02/16/2011 07:46 PM, Tapas Mishra wrote:
> On Wed, Feb 16, 2011 at 8:59 PM, Zeeshan Ali Shah <zashah@pdc.kth.se> wrote:
>> I have a little strange problem.
>>
>> I have two interfaces, eth0 and eth1, on dom0; eth1 is private.
>>
>> On dom0 I don't want to allocate an IP on eth0 but want domUs to use it as
>> a bridge with IPs.
>>
>> Does it make sense? Any suggestion?
>>
>> --
>
> It very well makes sense, as other people have pointed out. I also
> want to say: use a GUI,
> virt-manager, for this; that way you will save yourself a lot of time.
> I have a correctly configured bridge which looks like this:
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> auto eth2
> iface eth2 inet manual
>
> auto br0
> iface br0 inet static
>     address 192.168.1.14
>     netmask 255.255.255.0
>     network 192.168.1.0
>     broadcast 192.168.1.255
>     gateway 192.168.1.10
>     # dns-* options are implemented by the resolvconf package, if installed
>     dns-nameservers 192.168.13.2
>     dns-search myserver.net
>     bridge_ports eth2
>     bridge_fd 9
>     bridge_hello 2
>     bridge_maxage 12
>     bridge_stp off
>
>
> If you note in the above output, I am using eth2, i.e. the third LAN card, in my
> bridge. I believe that if I want to use my other LAN cards,
> then in the lines where I mention
>
> auto eth2
> iface eth2 inet manual
>
> I will replace the word manual by static (or whatever is relevant)
> and then write the rest of the configuration.
> I recommend this page to understand what the words inet
> manual in the above line refer to:
> http://manpages.ubuntu.com/manpages/lucid/man5/interfaces.5.html
>
>
> Make sure you do not bring the other LAN card into this bridge so as
> to be a part of your private network.

--
Regards

Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology, Sweden
+46 8 790 9115

On 17/02/11 16:05, Zeeshan Ali Shah wrote:
> Thanks a lot Jonathan,
> do you have a good example for ebtables, i.e. to have a firewall on the outgoing
> bridge?

No probs. Syntax for ebtables is very similar to iptables, except ebtables works at layer-2. So, to stop eth0 traffic from entering the input chain on the Dom0, just do:

ebtables -I INPUT -i eth0 -j DROP