Avoip T.P.
-----Original Message-----
From: Fajar A. Nugraha [mailto:list@fajar.net]
Sent: Monday, June 27, 2011 11:31 AM
To: Witvliet, J, CDC/IVENT/OPS/I&S/HIN
Cc: Xen User-List
Subject: Re: [Xen-users] Malfunctioning bridge
On Mon, Jun 27, 2011 at 4:25 PM, <J.Witvliet@mindef.nl>
wrote:> To simulate different networks, I created dummy ethernet devices, and
connected bridges to it.
> All of the bridges are working OK, except ONE: BR2 (for setup, see
> attachement)
>
> If i ping on the vpn-box (vpn is not setup yet) towards internal
> firewall or otherway round i see no traffic at all ( 172.16.100.1 =>
> 172.16.100.2 OR 172.16.100.2 => 172.16.100.1)
>
> Looked at [internal] firewall, at the bridges, routing, but i''m
clue-less....
> Test i''ve done sofar:
>
> Any suggestion where to look next?
Your picture shows br2 is connected to server''s eth1. "brctl
show"
from yuor attachment shows br2 is connected to dummy1, not eth1.
-----Original Message-----
Hi Fajar,
The output from "brctl show" is done from dom-0.
There br0 provides access to the real world
All the others (br1, br2 and br3) are restricted to within the machine
So BR2 is connected to:
A) Dummy0 on dom-0
B) eth1 on kc3072 (vpn)
C) eth1 on kc3041 (fw-int)
The bridges themselves are only visible on the dom-0, not on the dom-U.
Involved (kc3041, kc3072) startup scripts:
name="kc3041"
description="sumunatie interne firewall"
uuid="8cbb5269-e40e-0297-d27a-b2b8e1e2b613"
memory=500
maxmem=1000
vcpus=1
on_poweroff="destroy"
on_reboot="restart"
on_crash="destroy"
localtime=0
keymap="en-us"
builder="linux"
bootloader="/usr/lib/xen/boot/domUloader.py"
bootargs="--entry=xvda1:/boot/vmlinuz-xen,/boot/initrd-xen"
extra=" "
disk=[ ''phy:/dev/xen-productie/kc3041-boot,xvda,w'',
''phy:/dev/xen-productie/kc3041-swap,xvdb,w'',
''phy:/dev/xen-productie/kc3041-syst,xvdc,w'',
''phy:/dev/xen-productie/kc3041-data,xvdd,w'', ] vif=[
''mac=00:16:3e:30:41:00,bridge=br0'',
''mac=00:16:3e:30:41:01,bridge=br2'',
''mac=00:16:3e:30:41:02,bridge=br3'', ]
vfb=[''type=vnc,vncunused=1'']
name="kc3072"
description="int vpn server"
uuid="99ee7c72-493b-e69d-3cfa-7b438fcd2988"
memory=1000
maxmem=1000
vcpus=1
on_poweroff="destroy"
on_reboot="restart"
on_crash="destroy"
localtime=0
keymap="en-us"
builder="linux"
bootloader="/usr/bin/pygrub"
bootargs=""
extra=" "
disk=[ ''phy:/dev/xen-productie/kc3072-boot,xvda,w'',
''phy:/dev/xen-productie/kc3072-swap,xvdb,w'',
''phy:/dev/xen-productie/kc3072-syst,xvdc,w'',
''phy:/dev/xen-productie/kc3072-data,xvdd,w'', ]
vif=[ ''mac=00:16:3e:30:72:01,bridge=br1'',
''mac=00:16:3e:30:72:02,bridge=br2'',
''mac=00:16:3e:30:72:03,bridge=br3'', ]
vfb=[''type=vnc,vncunused=1'']
______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de
geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband
houdt met risico''s verbonden aan het elektronisch verzenden van
berichten.
This message may contain information that is not intended for you. If you are
not the addressee or if this message was sent to you by mistake, you are
requested to inform the sender and delete the message. The State accepts no
liability for damage of any kind resulting from the risks inherent in the
electronic transmission of messages.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users