Hello List,

I am trying to configure a setup where the IPs have to be bound to the dom0, and then via internal network, these can be used on the domUs. This is a requirement, as the IPs can be configured only on the Dom0 due to their static configuration.

I have configured the routed config, and installed the VMs using virt-install. The problem is that the VMs aren't accessible via static IP. The OS is CentOS 5.7, and Xen is 3.0, the one that comes with the repositories.

I have changed the network scripts in xend-config.sxp and the kernel parameters as per this URL:
http://www.devco.net/archives/2007/10/18/xen_bridging_and_hetzner.php

The link states that I have to configure the IPs in Dom0, and they will get *automatically allocated* to the VMs, which is not happening.

I also tried to configure the IP in vm config file by adding vif = [ 'ip=<IP>' ]

Please help.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello Guys,

Hasn't anyone done any routed network on Xen?? Please reply.

On Sun, Feb 5, 2012 at 9:05 PM, DN Singh <dnsingh.dns@gmail.com> wrote:

> Hello List,
>
> I am trying to configure a setup where the IPs have to be bound to the dom0,
> and then via internal network, these can be used on the domUs. This is a
> requirement, as the IPs can be configured only on the Dom0 due to their
> static configuration.
> I have configured the routed config, and installed the VMs using
> virt-install. The problem is that the VMs aren't accessible via static IP.
> The OS is CentOS 5.7, and Xen is 3.0, the one that comes with the
> repositories.
>
> I have changed the network scripts in xend-config.sxp and the kernel
> parameters as per this URL:
> http://www.devco.net/archives/2007/10/18/xen_bridging_and_hetzner.php
>
> The link states that I have to configure the IPs in Dom0, and they will
> get *automatically allocated* to the VMs, which is not happening.
>
> I also tried to configure the IP in vm config file by adding
> vif = [ 'ip=<IP>' ]
>
> Please help.

Hello,

answers inline.

On 07.02.2012 14:43, DN Singh wrote:

> Hello Guys,
>
> Hasn't anyone done any routed network on Xen?? Please reply.

I always use routed setups, but mostly with custom vif scripts for iptables setup.

> On Sun, Feb 5, 2012 at 9:05 PM, DN Singh <dnsingh.dns@gmail.com> wrote:
>
> Hello List,
>
> I am trying to configure a setup where the IPs have to be bound to
> the dom0, and then via internal network, these can be used on the
> domUs. This is a requirement, as the IPs can be configured only on
> the Dom0 due to their static configuration.

If you say internal network, does this include internal ip addresses? If so, you would not only need routing, but also NAT, esp. if the Dom0 will get all ip addresses assigned.

> I have configured the routed config, and installed the VMs using
> virt-install. The problem is that the VMs aren't accessible via
> static IP.
> The OS is CentOS 5.7, and Xen is 3.0, the one that comes with the
> repositories.

Additional information is needed here:
* What are the ip addresses and routes on the Dom0 and the DomU when both are running? (Use `ip addr show` and `ip route show` to list them -- iproute2 utilities needed, but should already be installed)
* Is there any network filtering or NAT involved?

> I have changed the network scripts in xend-config.sxp and the
> kernel parameters as per this
> URL: http://www.devco.net/archives/2007/10/18/xen_bridging_and_hetzner.php
>
> The link states that I have to configure the IPs in Dom0, and they
> will get *automatically allocated* to the VMs, which is not happening.
>
> I also tried to configure the IP in vm config file by adding
> vif = [ 'ip=<IP>' ]

Usually this would be required, but highly depends on your actual setup and/or vif script.

> Please help.

It would also be helpful if you explain in detail, how your final networking setup should look like.

Regards,
Felix

Thanks Felix for the reply, this is the first one that I actually got on this list.

I have completed the setup using NAT. The only problem that I had faced, was DomU firewall.

The answers are inline... hope it may help others...

On Fri, Feb 10, 2012 at 6:55 PM, Felix Kuperjans <felix@desaster-games.com> wrote:

> Hello,
>
> answers inline.
>
> On 07.02.2012 14:43, DN Singh wrote:
>
> Hello Guys,
>
> Hasn't anyone done any routed network on Xen?? Please reply.
>
> I always use routed setups, but mostly with custom vif scripts for
> iptables setup.

I did do some customisation, as mentioned in one of the many blogs that I had referred. The changes were made in "/etc/xen/scripts/vif-common.sh", where I changed the *ip_of* function as described below:

------------------------------
function ip_of()
{
    # Previous implementation, kept commented out:
    # ip addr show "$1" | awk "/^.*inet.*$1\$/{print \$2}" | sed -n '1 s,/.*,,p'
    # Print the first primary IPv4 address of interface $1, without the prefix length.
    ip -4 -o addr show primary dev "$1" | awk '$3 == "inet" {print $4; exit}' | sed 's#/.*##'
}
------------------------------

> On Sun, Feb 5, 2012 at 9:05 PM, DN Singh <dnsingh.dns@gmail.com> wrote:
>
>> Hello List,
>>
>> I am trying to configure a setup where the IPs have to be bound to the
>> dom0, and then via internal network, these can be used on the domUs. This
>> is a requirement, as the IPs can be configured only on the Dom0 due to
>> their static configuration.
>
> If you say internal network, does this include internal ip addresses? If
> so, you would not only need routing, but also NAT, esp. if the Dom0 will
> get all ip addresses assigned.

Yes, I had to do NAT, as Dom0 got all the IP addresses, and DomUs have internal IPs like 192.168.1.2,3,4...

I faced one silly problem here, as the NAT was fine, but DomU firewall was blocking the incoming requests. I had overlooked this fact, which led to 4 days of futile research, as I myself figured it out.

Anyone doing such setup, please keep DomU firewall in mind.

>> I have configured the routed config, and installed the VMs using
>> virt-install. The problem is that the VMs aren't accessible via static IP.
>> The OS is CentOS 5.7, and Xen is 3.0, the one that comes with the
>> repositories.
>
> Additional information is needed here:
> * What are the ip addresses and routes on the Dom0 and the DomU when both
> are running? (Use `ip addr show` and `ip route show` to list them --
> iproute2 utilities needed, but should already be installed)
> * Is there any network filtering or NAT involved?

I've cleared these questions, in above answer.

>> I have changed the network scripts in xend-config.sxp and the kernel
>> parameters as per this URL:
>> http://www.devco.net/archives/2007/10/18/xen_bridging_and_hetzner.php
>>
>> The link states that I have to configure the IPs in Dom0, and they will
>> get *automatically allocated* to the VMs, which is not happening.
>>
>> I also tried to configure the IP in vm config file by adding
>> vif = [ 'ip=<IP>' ]
>
> Usually this would be required, but highly depends on your actual setup
> and/or vif script.

I have skipped this part, as I am not assigning these IPs to DomU. Does this method work??

>> Please help.
>
> It would also be helpful if you explain in detail, how your final
> networking setup should look like.
>
> Regards,
> Felix

If anyone has suggestions, please do reply.

Thanks and Regards,
Rakesh Chawda

On Sat, Feb 11, 2012 at 10:33 PM, Felix Kuperjans <felix@desaster-games.com> wrote:

> I think your mails were delayed for some reason... the mail I answered
> reached me yesterday...
>
> See some comments inline.
>
> On 11.02.2012 07:13, Rakesh Chawda wrote:
>
> Thanks Felix for the reply, this is the first one that I actually got on
> this list.
>
> I have completed the setup using NAT. The only problem that I had faced,
> was DomU firewall.
>
> Quite common problem^^ it's always better to do first tests with a domU
> without any firewall.
>
> The answers are inline... hope it may help others...
>
> On Fri, Feb 10, 2012 at 6:55 PM, Felix Kuperjans <felix@desaster-games.com> wrote:
>
>> Hello,
>>
>> answers inline.
>>
>> On 07.02.2012 14:43, DN Singh wrote:
>>
>> Hello Guys,
>>
>> Hasn't anyone done any routed network on Xen?? Please reply.
>>
>> I always use routed setups, but mostly with custom vif scripts for
>> iptables setup.
>
> I did do some customisation, as mentioned in one of the many blogs that I
> had referred. The changes were made in "/etc/xen/scripts/vif-common.sh",
> where I changed the *ip_of* function as described below:
> ------------------------------
> function ip_of()
> {
> # ip addr show "$1" | awk "/^.*inet.*$1\$/{print \$2}" | sed -n '1 s,/.*,,p'
> ip -4 -o addr show primary dev $1 | awk '$3 == "inet" {print $4; exit}' | sed 's#/.*##'
> }
> ------------------------------
>
> I think, hacks in this file shouldn't be necessary for newer Xen versions,
> but may be fine with this old one...
>
>> On Sun, Feb 5, 2012 at 9:05 PM, DN Singh <dnsingh.dns@gmail.com> wrote:
>>
>>> Hello List,
>>>
>>> I am trying to configure a setup where the IPs have to be bound to the
>>> dom0, and then via internal network, these can be used on the domUs. This
>>> is a requirement, as the IPs can be configured only on the Dom0 due to
>>> their static configuration.
>>
>> If you say internal network, does this include internal ip addresses?
>> If so, you would not only need routing, but also NAT, esp. if the Dom0 will
>> get all ip addresses assigned.
>
> Yes, I had to do NAT, as Dom0 got all the IP addresses, and DomUs
> have internal IPs like 192.168.1.2,3,4...
>
> I faced one silly problem here, as the NAT was fine, but DomU firewall was
> blocking the incoming requests. I had overlooked this fact, which led to 4
> days of futile research, as I myself figured it out.
>
> Anyone doing such setup, please keep DomU firewall in mind.
>
>>> I have configured the routed config, and installed the VMs using
>>> virt-install. The problem is that the VMs aren't accessible via static IP.
>>> The OS is CentOS 5.7, and Xen is 3.0, the one that comes with the
>>> repositories.
>>
>> Additional information is needed here:
>> * What are the ip addresses and routes on the Dom0 and the DomU when both
>> are running? (Use `ip addr show` and `ip route show` to list them --
>> iproute2 utilities needed, but should already be installed)
>> * Is there any network filtering or NAT involved?
>
> I've cleared these questions, in above answer.
>
>>> I have changed the network scripts in xend-config.sxp and the kernel
>>> parameters as per this URL:
>>> http://www.devco.net/archives/2007/10/18/xen_bridging_and_hetzner.php
>>>
>>> The link states that I have to configure the IPs in Dom0, and they
>>> will get *automatically allocated* to the VMs, which is not happening.
>>>
>>> I also tried to configure the IP in vm config file by adding
>>> vif = [ 'ip=<IP>' ]
>>
>> Usually this would be required, but highly depends on your actual
>> setup and/or vif script.
>
> I have skipped this part, as I am not assigning these IPs to DomU. Does
> this method work??
>
> If it works, you do not seem to need it. However, the default scripts
> sometimes require this (don't know about the requirements of each Xen
> version).
>
>>> Please help.
>>
>> It would also be helpful if you explain in detail, how your final
>> networking setup should look like.
>>
>> Regards,
>> Felix
>
> If anyone has suggestions, please do reply.
>
> Thanks and Regards,
> Rakesh Chawda
>
> One question / suggestion:
>
> Why do you want to use NAT for every traffic on all ip addresses? esp. if
> you got multiple, I don't see the point in wasting CPU/Memory resources for
> NAT (besides some other ugly side effects that may happen with NAT).

This is why I had asked for suggestions. This is my first setup, hence, I was following different blogs. Please suggest better options.

Also, I have hit a new issue. In spite of the NAT setup, the outgoing IP of all the DomUs can be seen as the main Dom0 IP, and not the individual IPs assigned to the domUs.

Rakesh Chawda wrote:

>Also, I have hit a new issue. In spite of the NAT setup, the outgoing
>IP of all the DomUs can be seen as the main Dom0 IP, and not the
>individual IPs assigned to the domUs.

Please try to trim excess quoted material !

The fact that everything appears to come from one IP is a function of the NAT - not "in spite of it". Unless you take measures to do something different, then the default for most NAT setups is that all traffic will use one IP.

But at this point, could I suggest a step back for a moment. I'm struggling to understand your network setup, so perhaps you could describe in detail what you get from your ISP - it would help in trying to suggest how to get your networking going.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.

On Mon, Feb 13, 2012 at 1:26 PM, Simon Hobson <linux@thehobsons.co.uk> wrote:

> Rakesh Chawda wrote:
>
>> Also, I have hit a new issue. In spite of the NAT setup, the outgoing IP
>> of all the DomUs can be seen as the main Dom0 IP, and not the individual
>> IPs assigned to the domUs.
>
> Please try to trim excess quoted material !
>
> The fact that everything appears to come from one IP is a function of the
> NAT - not "in spite of it". Unless you take measures to do something
> different, then the default for most NAT setups is that all traffic will
> use one IP.
>
> But at this point, could I suggest a step back for a moment. I'm
> struggling to understand your network setup, so perhaps you could describe
> in detail what you get from your ISP - it would help in trying to suggest
> how to get your networking going.
>
> --
> Simon Hobson

Thanks for the answer. I solved the problem of outgoing IP, by removing one particular rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now, the outgoing IP is as required (additional static IPs).

Below are the details of the setup as required, please suggest as required:

Main Server IP: 1.1.1.5 (eg.)
Gateway for Main IP: 1.1.1.1
Additional IP: 1.1.2.1/28 (Different Subnet)
Gateway for additional IPs: not required, as they are "statically bound to MAC address --stated by DC"

The additional IPs to be used only on Dom0 to avoid different MAC addr. Hence, xen bridge network is out of question. I have added these IPs using alias adapters eth0:1, eth0:2, etc.

So, I am using xen routed network scripts, where virbr0 gets 192.168.122.1 IP, and becomes the gateway for the DomUs. The DomUs now have IPs in the range of 192.168.122.0/24.

The setup requirement is that the DomUs should be accessible with the additional static IPs, so I took the path of NAT. This setup is working now, but I doubt about the performance, as it was previously stated that this will utilize more resources.

So, please please suggest other options.

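Why removing that one rule changes the address the outside world sees, as an added example that is not from the thread: netfilter stops at the first matching rule in nat POSTROUTING, so a catch-all MASQUERADE sitting ahead of per-DomU SNAT rules decides every packet. The rule order, the SNAT rules and the 192.168.122.x to 1.1.2.x mapping are constructed for illustration, and only exact /32 source matches are modelled.

```shell
#!/bin/sh
# Walk a nat POSTROUTING chain the way netfilter does: the first matching
# rule decides the source address, later rules are never consulted.
# All rules below are constructed sample data, not the poster's ruleset.

MAIN_IP=1.1.1.5    # address MASQUERADE picks on eth0 (example value from the thread)

# Constructed chain: catch-all MASQUERADE ahead of per-DomU SNAT rules.
RULES_BEFORE='-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.122.2/32 -o eth0 -j SNAT --to-source 1.1.2.2
-A POSTROUTING -s 192.168.122.3/32 -o eth0 -j SNAT --to-source 1.1.2.3'

# The same chain with the MASQUERADE rule deleted.
RULES_AFTER='-A POSTROUTING -s 192.168.122.2/32 -o eth0 -j SNAT --to-source 1.1.2.2
-A POSTROUTING -s 192.168.122.3/32 -o eth0 -j SNAT --to-source 1.1.2.3'

# egress_ip RULES SRC_IP -> source address seen outside Dom0
egress_ip() {
    rules=$1 src=$2
    result=$src                  # no rule matched: packet leaves untranslated
    while IFS= read -r line; do
        match_src='' target='' to=''
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in
                -s)          match_src=${2%/32}; shift ;;
                -j)          target=$2; shift ;;
                --to-source) to=$2; shift ;;
            esac
            shift
        done
        # A rule without -s matches every source; with -s it must be equal.
        if [ -n "$match_src" ] && [ "$match_src" != "$src" ]; then
            continue
        fi
        case $target in
            MASQUERADE) result=$MAIN_IP; break ;;
            SNAT)       result=$to; break ;;
        esac
    done <<EOF
$rules
EOF
    echo "$result"
}

for domu in 192.168.122.2 192.168.122.3; do
    echo "$domu: before=$(egress_ip "$RULES_BEFORE" "$domu") after=$(egress_ip "$RULES_AFTER" "$domu")"
done
```

A DomU with no SNAT rule of its own falls through the second chain untranslated, so its private source address reaches eth0 unchanged; that is worth checking for whenever a catch-all rule is removed.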
Rakesh Chawda wrote:

>Main Server IP: 1.1.1.5 (eg.)
>Gateway for Main IP: 1.1.1.1
>Additional IP: 1.1.2.1/28 (Different Subnet)
>Gateway for additional IPs: not required, as they are "statically
>bound to MAC address --stated by DC"
>
>The additional IPs to be used only on Dom0 to avoid different MAC
>addr. Hence, xen bridge network is out of question. I have added
>these IPs using alias adapters eth0:1, eth0:2, etc.
>
>So, I am using xen routed network scripts, where virbr0 gets
>192.168.122.1 IP, and becomes the gateway for the DomUs. The DomUs
>now have IPs in the range of 192.168.122.0/24.

OK, this setup isn't that dissimilar to one of my customer sites. In effect, your "gateway" has one IP address for its outside interface, and you have a subnet routed via that gateway. In your case, they'll have put some router in based on MAC address, in my case it's a PPP link (ADSL service).

I can think of two techniques you may wish to consider.

First off, take a look at http://shorewall.net/ProxyARP.htm - allow some time as I suspect you may struggle to get your head around it. Obviously this is written from the perspective of using Shorewall to set it all up, but the concepts should be portable.

Secondly (and I think, a lot easier), you should be able to do it very simply with a "two interface" setup.
Configure your Dom0 with one ordinary interface connected to your ISP's service. This will have the IP 1.1.1.5 and is **NOT** connected to a bridge.
Create a bridge, but do not add a physical NIC to it (unless you need other internal machines to have access). Give this an IP address of 1.1.2.1/28.
Now give your DomUs IPs in the rest of the 1.1.2.0/28 subnet (ie 1.1.2.2 through 1.1.2.14), connect their VIF to the bridge defined in the step above, and have them use 1.1.2.1 as their default gateway.

With this setup, Dom0 acts as a router. Inbound packets will arrive on its external NIC, it will route them, and spit them out via the bridge - at which point the Xen networking code will pick up the packet and pass it to the DomU via its VIF.
Similarly, outbound packets from the DomU will get stuffed into the bridge by the Xen network code, they will then be picked up by Dom0 and routed to the outside world.
Note that for both inbound and outbound packets, one of the MAC addresses (Dest for inbound, source for outbound) will be that of the DomU physical NIC.

As a refinement, you can run either of these methods in its own DomU. Use PCI passthrough to pass the physical NIC through to the DomU as one NIC, and give it a VIF as a second NIC on your internal network (Dom0 bridge). You now have a neatly segregated virtual box that can act as router and firewall - without having to bother about iptables rules on Dom0. This is the setup I run at home.

--
Simon Hobson

> OK, this setup isn't that dissimilar to one of my customer sites. In
> effect, your "gateway" has one IP address for its outside interface, and
> you have a subnet routed via that gateway. In your case, they'll have put
> some router in based on MAC address, in my case it's a PPP link (ADSL
> service).
>
> I can think of two techniques you may wish to consider.
>
> First off, take a look at http://shorewall.net/ProxyARP.htm - allow some
> time as I suspect you may struggle to get your head around it.
> Obviously this is written from the perspective of using Shorewall to set it
> all up, but the concepts should be portable.
>
> Secondly (and I think, a lot easier), you should be able to do it very
> simply with a "two interface" setup.
> Configure your Dom0 with one ordinary interface connected to your ISP's
> service. This will have the IP 1.1.1.5 and is **NOT** connected to a bridge.
> Create a bridge, but do not add a physical NIC to it (unless you need
> other internal machines to have access). Give this an IP address of
> 1.1.2.1/28.
> Now give your DomUs IPs in the rest of the 1.1.2.0/28 subnet (ie 1.1.2.2
> through 1.1.2.14), connect their VIF to the bridge defined in the step
> above, and have them use 1.1.2.1 as their default gateway.
>
> With this setup, Dom0 acts as a router. Inbound packets will arrive on
> its external NIC, it will route them, and spit them out via the bridge -
> at which point the Xen networking code will pick up the packet and pass it
> to the DomU via its VIF.
> Similarly, outbound packets from the DomU will get stuffed into the bridge
> by the Xen network code, they will then be picked up by Dom0 and routed to
> the outside world.
> Note that for both inbound and outbound packets, one of the MAC addresses
> (Dest for inbound, source for outbound) will be that of the DomU physical
> NIC.

What you are suggesting is routed network, but without NAT. I am using it currently, as there is virbr0 (created by Xen vif-route scripts), but the additional IPs are bound on Dom0, and not DomU.

The output of *brctl show*
*------------------------*
virbr0    8000.feffffffffff    yes    vif8.0
                                      vif7.0
                                      vif6.0
                                      vif5.0
                                      vif4.0
                                      vif3.0
                                      vif2.0
                                      vif1.0
*------------------------*

Also, you suggested binding the additional IPs to DomUs, which I had tried, but the DomUs never got connected to the internet, as they did not find any gateway. The DC suggests binding the IPs straight away on the parent node, and they will get the gateway automatically due to their statically bound nature. Refer this link <http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en>, as I feel I may be missing something from it.

I think there is some confusion regarding the gateway, as the setup seems to be getting complicated.

Below is the ifcfg-eth0 of the server (where x is the same number):
----------------------
DEVICE=eth0
BOOTPROTO=static
BROADCAST=176.9.x.159
HWADDR=a:a:a:a:a:a
IPADDR=176.9.x.145
NETMASK=255.255.255.255
SCOPE="peer 176.9.x.129"
----------------------

> As a refinement, you can run either of these methods in its own DomU. Use
> PCI passthrough to pass the physical NIC through to the DomU as one NIC,
> and give it a VIF as a second NIC on your internal network (Dom0 bridge).
> You now have a neatly segregated virtual box that can act as router and
> firewall - without having to bother about iptables rules on Dom0. This is
> the setup I run at home.

This sounds interesting, but I'll have to dig deeper into it. Will there be any performance increase, if I shift away from NAT? Even little CPU power cannot be wasted here, as this will become a heavily loaded server.

> --
> Simon Hobson

Thanks Simon, and any suggestions Felix??

DN Singh wrote:

>Secondly (and I think, a lot easier), you should be able to do it
>very simply with a "two interface" setup.
>Configure your Dom0 with one ordinary interface connected to your
>ISP's service. This will have the IP 1.1.1.5 and is **NOT**
>connected to a bridge.
>Create a bridge, but do not add a physical NIC to it (unless you
>need other internal machines to have access). Give this an IP
>address of 1.1.2.1/28.
>Now give your DomUs IPs in the rest of the 1.1.2.0/28 subnet (ie
>1.1.2.2 through 1.1.2.14), connect their VIF to the bridge defined
>in the step above, and have them use 1.1.2.1 as their default
>gateway.

>Also, you suggested binding the additional IPs to DomUs, which I had
>tried, but the DomUs never got connected to the internet, as they
>did not find any gateway. The DC suggests binding the IPs straight
>away on the parent node, and they will get the gateway automatically
>due to their statically bound nature.
>Refer this link <http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en>,
>as I feel I may be missing something from it.

Then I suggest you go back and read what I wrote :-/

They don't "find" a gateway, you tell them what the gateway is - it's the "internal" side of the Dom0 routing. Ie, showing just one DomU, you'd have :

ISP -- 1.1.1.5 eth0 - Dom0 - br0 1.1.2.1 -- vifx.y -- 1.1.2.2 eth0 - DomU

DomU needs only 3 bits of information, its IP address, netmask, and default router. The latter is 1.1.2.1, the IP address in the inside of Dom0

>I think there is some confusion regarding the gateway, as the setup
>seems to be getting complicated.

It shouldn't be, this is possibly one of the simplest possible configurations to set up !

From the above link, see this section :

>Problems with virtualization
>With this type of IP/subnet allocation, it is not possible to use a
>"bridged" setup, as with such a setup several MAC addresses appear.
>VPS (linux virtual servers, Xen, vmware, etc) must use a so-called
>"Routed" setup (VMware: "host-only networking"). With an additional
>subnet the host system or dom0 must be configured with an IP address
>from the subnet which is then used as a gateway for the VPS. The
>(additional) address of the host system must be configured in the
>VPS in each case as a gateway.

It describes EXACTLY what I wrote above.

--
Simon Hobson

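The "two interface" layout from the earlier reply and the diagram above, as an added dry-run sketch that is not from the thread: it prints the Dom0 commands and the three values a DomU needs, and refuses addresses outside the usable part of the subnet. The bridge name br0 and the addresses come from the thread; the function names, the DomU name `domu1` and the `vif = [ 'bridge=br0' ]` line are assumptions.

```shell
#!/bin/sh
# Dry-run planner for the routed, NAT-free layout. It only prints what would
# be configured; nothing here changes the system.
# Function names and the DomU name are assumptions made for this example.

SUBNET=1.1.2.0/28      # additional subnet routed to Dom0 (thread's example)
GATEWAY=1.1.2.1        # Dom0's address on br0, the DomUs' default router

ip2int() {             # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {             # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix_to_mask() {     # 28 -> 255.255.255.240
    int2ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

host_range() {         # CIDR -> "first last" host addresses
    size=$(( 1 << (32 - ${1#*/}) ))
    net=$(( $(ip2int "${1%/*}") / size * size ))
    echo "$(int2ip $(( net + 1 ))) $(int2ip $(( net + size - 2 )))"
}

domu_ok() {            # exit 0 only for an address a DomU may take
    set -- "$1" $(host_range "$SUBNET")
    ip=$(ip2int "$1")
    [ "$ip" -ge "$(ip2int "$2")" ] && [ "$ip" -le "$(ip2int "$3")" ] &&
        [ "$1" != "$GATEWAY" ]
}

dom0_plan() {          # eth0 keeps the main IP and stays out of the bridge
    cat <<EOF
brctl addbr br0
ip addr add $GATEWAY/${SUBNET#*/} dev br0
ip link set br0 up
sysctl -w net.ipv4.ip_forward=1
EOF
}

domu_plan() {          # domu_plan NAME IP -> settings for one DomU
    if ! domu_ok "$2"; then
        echo "refusing $2 for $1: not a free host address in $SUBNET" >&2
        return 1
    fi
    cat <<EOF
# DomU config file for $1 (on Dom0)
vif = [ 'bridge=br0' ]
# ifcfg-eth0 inside $1
IPADDR=$2
NETMASK=$(prefix_to_mask "${SUBNET#*/}")
GATEWAY=$GATEWAY
EOF
}

dom0_plan
domu_plan domu1 1.1.2.2
```

With no NAT in the path, each DomU is reachable directly on its public address, so any filtering has to live in Dom0's FORWARD chain or in the DomU's own firewall.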