Hi All, I''m trying to put all my computers in one box using xen and debian 6. I need a public web server (called libel) on fixed IP, a wireless access point and router (fraud) on dynamic IP, and a family file server (incest). The plan was to let libel dial into its fixed IP and have no relationship whatsoever with the rest of the house. Fraud was gonna dial the dynamic IP, put up a wireless network that laptops connect to, dangle another wire to incest and do NAT for incest and everybody on the wireless. I don''t really want dom0 (murder) connected to anything but the keyboard and TV. I got all 4 machines created and they all jumped on the eth0 bridge by default so fraud and libel can talk to the modem independently. I can also see how to take incest off eth0 if I can be bothered. So far so good. Now I want to let fraud create the wireless network. I''ll know what to write in /etc/network/interfaces about SSIDs etc when I get that far. But I can''t see how I''m supposed to get the wireless NIC into xen at all. Murder can see it in lspci and after installing wireless-tools on murder I can see it as wlan0 in iwconfig, but then what? I''m not seeing any vifs that correspond to it in fraud or any other VMs, in fact I wouldn''t know where to look for them. There''s not even a /dev/eth0 in the VMs. I read something about getting 7 or 8 vifs by default but I don''t know where to look for them either. Perhaps if I bring up the wireless in murder with the SSID and everything, it would appear as a vif in fraud, but the whole point of fraud is to do that stuff and keep murder as a hermit. So where do I begin? BTW, I don''t have a GUI on any of these machines so I need instructions for the command line. Any help much appreciated, Adrian. _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Hello. El 19/06/12 10:06, Adrian May escribió:> But I can''t see how I''m supposed to get the wireless NIC into xen at > all.I believe Xen does not supports that low level interaction between a DomU and the hardware with some standard wrapper, like with wired Ethernet interface. Check if your Motherboard supports IOMMU. Probably your best shot would be passthrugh the whole WiFi card into Fraud. That is hopefully low level enough. http://wiki.xen.org/wiki/Xen_PCI_Passthrough -- Alexandre Kouznetsov
Adrian, Actually, what you are trying to achieve is not possible without IOMMU, as a vif is just a bridged virtual interface. Your DomU needs direct access to the physical card, using PCI Passthrough. For this both your CPU and Motherboard must be IOMMU Compatible (VT-d for Intel, AMD-Vi for AMD). I have a similar configuration at home involving a PFSense router, debian web server and multimedia virtual machine. To save you some time, you probably won''t achieve Wireless N, this is because most routing packages do not yet support it. As of March there were only a handful of drivers, and the related chips were only featured in laptop wireless cards. So you are facing two problems: A. Do you have IOMMU Compliant Hardware? B. Is Wireless G Okay? Based on these machines: murder (dom0) libel (domu web server) fraud (domu router) incest (file server domu?) These solutions are based on two assumptions: A. That fraud is to provide iinternet access for the connection machines. B. That libel and fraud will be using a routing device, but libel needs a static IP. If not A then omit the WAN interface for fraud from the proposed solutions. If not B then add one extra interface for a separated WAN for libel. My proposed solution: Using two physical NIC''s you would bridge them using murder''s interfaces file. You can tell murder to ignore these bridges so it remains a hermit and doesn''t grab an IP. The bridges could be WAN and LAN. WAN can be passed to fraud and libel. Assign a static IP in libel''s interfaces file. Let fraud receive a dynamic IP from WAN. Connect the LAN bridge to fraud and to incest, and have the physical NIC connect to a Wireless N router. Configure the Wireless N router to use bridged mode, and install a routing package in fraud, because interfaces probably won''t do everything you need it to for intranet management. Your Ideal Solution: To achieve exactly what you want, you need IOMMU to let murder remain a hermit. You will need at least one physical known compatible wireless G device and a routing package selected for fraud. You will need one physical NIC for libel, another physical NIC for fraud. You can pass one physical NIC to libel and assign a static IP using libel''s interfaces file. You can pass a physical NIC to fraud for WAN and let it pull a dynamic IP from another routing device. You can also pass the physical wireless G card to fraud, and install the selected routing package to setup your WAP. For incest you can use another Wireless NIC to connect to fraud wirelessly, or you will need two more physical NIC''s for fraud and for incest and a cable to connect the two. I hope this helps get you started. ~Casey On Tue, Jun 19, 2012 at 12:36 PM, Alexandre Kouznetsov <alk@ondore.com>wrote:> Hello. > > El 19/06/12 10:06, Adrian May escribió: > > But I can''t see how I''m supposed to get the wireless NIC into xen at >> all. >> > > I believe Xen does not supports that low level interaction between a DomU > and the hardware with some standard wrapper, like with wired Ethernet > interface. > > Check if your Motherboard supports IOMMU. Probably your best shot would be > passthrugh the whole WiFi card into Fraud. That is hopefully low level > enough. > > http://wiki.xen.org/wiki/Xen_**PCI_Passthrough<http://wiki.xen.org/wiki/Xen_PCI_Passthrough> > > -- > Alexandre Kouznetsov > > ______________________________**_________________ > Xen-users mailing list > Xen-users@lists.xen.org > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Hi Guys, Thanks for your help so far. My mainboard is Asus E45M1 which has an AMD Fusion E450 processor (AMD-V but probably not Vi), one ethernet port and an onboard wireless N. I chose that over the Atom cos the latter has no HW virtualisation at all. One of my main goals is not to have a crappy wireless router in the house any more - I want to make my own so I don''t have to put up with the bugs they deliberately build into those things to make companies pay $500 for the "professional" ones. Fraud is supposed to be the wireless router. Anyway, I only have one ethernet slot on the board. Libel isn''t an issue - it can already see eth0 on which the modem is waiting to connect pppoe clients to servers supplying fixed or dynamic IP addresses. BTW, it''ll also provide an OpenVPN for friends with paranoid governments (either that or another box called treason will) who might want to bring it down, hence the insistence that it''s in no way connected to my domestic stuff. Seems like I have to settle for murder bringing up the wireless cos there''s no AMD-Vi. Does that mean I''ll get wireless N speeds or still have to put up with G? If murder sets up the wireless in /etc/network/interfaces, what next? I could just forget all about fraud and let murder do its jobs, but then I''d have dom0 connected directly to the jungle, which is extremely uncomfortable - I have all my family photos on incest and if some spammer hacked murder he wouldn''t even notice what he was bulldozing to make room for his spam list. Incest is the only thing I really need to protect. I could just about tolerate murder having a life on the domestic wireless network, but I really did want to keep it off the internet. I also had a plan to put up an open wireless network for friends and neighbours, but murder and incest would have to be protected from it. Maybe it''s just a case of being very careful with my iptables, but I''m not especially confident of my ability to make that tight. Some of those scripts on the internet are talking about weaknesses I never would have thought of. Adrian. On 20 June 2012 07:44, Casey DeLorme <cdelorme@gmail.com> wrote:> > Adrian, > > > Actually, what you are trying to achieve is not possible without IOMMU, as > a vif is just a bridged virtual interface. Your DomU needs direct access > to the physical card, using PCI Passthrough. For this both your CPU and > Motherboard must be IOMMU Compatible (VT-d for Intel, AMD-Vi for AMD). > > I have a similar configuration at home involving a PFSense router, debian > web server and multimedia virtual machine. To save you some time, you > probably won''t achieve Wireless N, this is because most routing packages do > not yet support it. As of March there were only a handful of drivers, and > the related chips were only featured in laptop wireless cards. > > > > So you are facing two problems: > > A. Do you have IOMMU Compliant Hardware? > > B. Is Wireless G Okay? > > > > Based on these machines: > > murder (dom0) > libel (domu web server) > fraud (domu router) > incest (file server domu?) > > These solutions are based on two assumptions: > > A. That fraud is to provide iinternet access for the connection machines. > B. That libel and fraud will be using a routing device, but libel needs a > static IP. > > If not A then omit the WAN interface for fraud from the proposed solutions. > If not B then add one extra interface for a separated WAN for libel. > > > > My proposed solution: > > Using two physical NIC''s you would bridge them using murder''s interfaces > file. You can tell murder to ignore these bridges so it remains a hermit > and doesn''t grab an IP. > > The bridges could be WAN and LAN. WAN can be passed to fraud and libel. > Assign a static IP in libel''s interfaces file. Let fraud receive a > dynamic IP from WAN. Connect the LAN bridge to fraud and to incest, and > have the physical NIC connect to a Wireless N router. > > Configure the Wireless N router to use bridged mode, and install a routing > package in fraud, because interfaces probably won''t do everything you need > it to for intranet management. > > > > Your Ideal Solution: > > To achieve exactly what you want, you need IOMMU to let murder remain a > hermit. > > You will need at least one physical known compatible wireless G device and > a routing package selected for fraud. > > You will need one physical NIC for libel, another physical NIC for fraud. > > You can pass one physical NIC to libel and assign a static IP using > libel''s interfaces file. > > You can pass a physical NIC to fraud for WAN and let it pull a dynamic IP > from another routing device. You can also pass the physical wireless G > card to fraud, and install the selected routing package to setup your WAP. > > For incest you can use another Wireless NIC to connect to fraud > wirelessly, or you will need two more physical NIC''s for fraud and for > incest and a cable to connect the two. > > > > I hope this helps get you started. > > ~Casey > > > > On Tue, Jun 19, 2012 at 12:36 PM, Alexandre Kouznetsov <alk@ondore.com>wrote: > >> Hello. >> >> El 19/06/12 10:06, Adrian May escribió: >> >> But I can''t see how I''m supposed to get the wireless NIC into xen at >>> all. >>> >> >> I believe Xen does not supports that low level interaction between a DomU >> and the hardware with some standard wrapper, like with wired Ethernet >> interface. >> >> Check if your Motherboard supports IOMMU. Probably your best shot would >> be passthrugh the whole WiFi card into Fraud. That is hopefully low level >> enough. >> >> http://wiki.xen.org/wiki/Xen_**PCI_Passthrough<http://wiki.xen.org/wiki/Xen_PCI_Passthrough> >> >> -- >> Alexandre Kouznetsov >> >> ______________________________**_________________ >> Xen-users mailing list >> Xen-users@lists.xen.org >> http://lists.xen.org/xen-users >> > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xen.org > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
From what I read it was less about speeds and more about hardware compatibility, either it is supported by the routing package or it isn''t (works/doesn''t). I had a discussion here, where someone mentioned a linux package that supposedly had some support for a limited set of Wireless N devices: http://forum.pfsense.org/index.php/topic,42205.0.html If you are worried about exposing murder to the www, then you might consider turning fraud into a firewall, and bridging to fraud and back to murder via lan, where the lan is entirely virtual and bridged to share the connection with the wireless NIC. The only downside here is you aren''t protecting murder/incest from anyone accessing your local network. If you go that route though, you can setup your interfaces like this (I substituted the wifi name with "wifi" since I don''t know how those are seen by the interfaces file): auto lo wan lan iface lo inet loopback iface eth0 inet manual iface wan inet manual bridged_ports eth0 iface lan inet dhcp bridged_ports wifi You would pass both "wan" and "lan" to fraud. fraud would have some firewall package and connect "wan" to "lan", and probably handle dhcp on "lan". You could install the routing package on murder to broadcast the WAP, if it supports bridged mode you could let fraud handle the dhcp, otherwise you may have to add a dhcp server on murder as well. Again that''ll only work if you aren''t overly concerned about local network security, and if your onboard wireless is supported by the routing package. On Wed, Jun 20, 2012 at 12:15 AM, Adrian May <adrian.alexander.may@gmail.com> wrote:> Hi Guys, > > Thanks for your help so far. My mainboard is Asus E45M1 which has an AMD > Fusion E450 processor (AMD-V but probably not Vi), one ethernet port and an > onboard wireless N. I chose that over the Atom cos the latter has no HW > virtualisation at all. > > One of my main goals is not to have a crappy wireless router in the house > any more - I want to make my own so I don''t have to put up with the bugs > they deliberately build into those things to make companies pay $500 for > the "professional" ones. Fraud is supposed to be the wireless router. > Anyway, I only have one ethernet slot on the board. > > Libel isn''t an issue - it can already see eth0 on which the modem is > waiting to connect pppoe clients to servers supplying fixed or dynamic IP > addresses. BTW, it''ll also provide an OpenVPN for friends with paranoid > governments (either that or another box called treason will) who might want > to bring it down, hence the insistence that it''s in no way connected to my > domestic stuff. > > Seems like I have to settle for murder bringing up the wireless cos > there''s no AMD-Vi. Does that mean I''ll get wireless N speeds or still have > to put up with G? > > If murder sets up the wireless in /etc/network/interfaces, what next? > > I could just forget all about fraud and let murder do its jobs, but then > I''d have dom0 connected directly to the jungle, which is extremely > uncomfortable - I have all my family photos on incest and if some spammer > hacked murder he wouldn''t even notice what he was bulldozing to make room > for his spam list. Incest is the only thing I really need to protect. > > I could just about tolerate murder having a life on the domestic wireless > network, but I really did want to keep it off the internet. I also had a > plan to put up an open wireless network for friends and neighbours, but > murder and incest would have to be protected from it. Maybe it''s just a > case of being very careful with my iptables, but I''m not especially > confident of my ability to make that tight. Some of those scripts on the > internet are talking about weaknesses I never would have thought of. > > Adrian. > > > On 20 June 2012 07:44, Casey DeLorme <cdelorme@gmail.com> wrote: > >> >> Adrian, >> >> >> Actually, what you are trying to achieve is not possible without IOMMU, >> as a vif is just a bridged virtual interface. Your DomU needs direct >> access to the physical card, using PCI Passthrough. For this both your CPU >> and Motherboard must be IOMMU Compatible (VT-d for Intel, AMD-Vi for AMD). >> >> I have a similar configuration at home involving a PFSense router, debian >> web server and multimedia virtual machine. To save you some time, you >> probably won''t achieve Wireless N, this is because most routing packages do >> not yet support it. As of March there were only a handful of drivers, and >> the related chips were only featured in laptop wireless cards. >> >> >> >> So you are facing two problems: >> >> A. Do you have IOMMU Compliant Hardware? >> >> B. Is Wireless G Okay? >> >> >> >> Based on these machines: >> >> murder (dom0) >> libel (domu web server) >> fraud (domu router) >> incest (file server domu?) >> >> These solutions are based on two assumptions: >> >> A. That fraud is to provide iinternet access for the connection machines. >> B. That libel and fraud will be using a routing device, but libel needs >> a static IP. >> >> If not A then omit the WAN interface for fraud from the proposed >> solutions. >> If not B then add one extra interface for a separated WAN for libel. >> >> >> >> My proposed solution: >> >> Using two physical NIC''s you would bridge them using murder''s interfaces >> file. You can tell murder to ignore these bridges so it remains a hermit >> and doesn''t grab an IP. >> >> The bridges could be WAN and LAN. WAN can be passed to fraud and libel. >> Assign a static IP in libel''s interfaces file. Let fraud receive a >> dynamic IP from WAN. Connect the LAN bridge to fraud and to incest, and >> have the physical NIC connect to a Wireless N router. >> >> Configure the Wireless N router to use bridged mode, and install a >> routing package in fraud, because interfaces probably won''t do everything >> you need it to for intranet management. >> >> >> >> Your Ideal Solution: >> >> To achieve exactly what you want, you need IOMMU to let murder remain a >> hermit. >> >> You will need at least one physical known compatible wireless G device >> and a routing package selected for fraud. >> >> You will need one physical NIC for libel, another physical NIC for fraud. >> >> You can pass one physical NIC to libel and assign a static IP using >> libel''s interfaces file. >> >> You can pass a physical NIC to fraud for WAN and let it pull a dynamic IP >> from another routing device. You can also pass the physical wireless G >> card to fraud, and install the selected routing package to setup your WAP. >> >> For incest you can use another Wireless NIC to connect to fraud >> wirelessly, or you will need two more physical NIC''s for fraud and for >> incest and a cable to connect the two. >> >> >> >> I hope this helps get you started. >> >> ~Casey >> >> >> >> On Tue, Jun 19, 2012 at 12:36 PM, Alexandre Kouznetsov <alk@ondore.com>wrote: >> >>> Hello. >>> >>> El 19/06/12 10:06, Adrian May escribió: >>> >>> But I can''t see how I''m supposed to get the wireless NIC into xen at >>>> all. >>>> >>> >>> I believe Xen does not supports that low level interaction between a >>> DomU and the hardware with some standard wrapper, like with wired Ethernet >>> interface. >>> >>> Check if your Motherboard supports IOMMU. Probably your best shot would >>> be passthrugh the whole WiFi card into Fraud. That is hopefully low level >>> enough. >>> >>> http://wiki.xen.org/wiki/Xen_**PCI_Passthrough<http://wiki.xen.org/wiki/Xen_PCI_Passthrough> >>> >>> -- >>> Alexandre Kouznetsov >>> >>> ______________________________**_________________ >>> Xen-users mailing list >>> Xen-users@lists.xen.org >>> http://lists.xen.org/xen-users >>> >> >> >> _______________________________________________ >> Xen-users mailing list >> Xen-users@lists.xen.org >> http://lists.xen.org/xen-users >> > >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
I''m not sure what you mean by "routing package". I was just gonna use iptables. I got no intention of using some heavy web based thing like ipcop. Does iptables have a speed limit? I guess the driver for the onboard wlan has to be fast - it''s an atheros thing. Local security: well, people in the house are supposed to be able to read and write to incest''s file shares. If they bring home something nasty on their laptops there''s not a lot I can do. Perhaps I mess with read only mounts for most users etc, etc, but that would be a later topic. At this networking stage, we simply want the laptops and incest to be in the same zone. If I make a guest wlan it won''t be inside the family lan. If I understand you correctly you''re saying this: wireless---*murder*---+---*fraud*---+---pppoe | | | | | *laptops* *incest*---+ *libel* Trouble is, I''d need NAT happening in both murder and fraud wouldn''t I? If I connected incest to murder instead, fraud would be redundant, and murder would be in the thick of the action: wireless---*murder*-----+---pppoe | | | | | *laptops* *incest* *libel* * * I think that''s what I''m forced into. Shame. I kinda hoped dom0, having the power to vape everything else, would have nothing to do except pretend not to be there. Well, never mind. If it runs no services whatsoever, not even sshd, it''s probably safe. Adrian. On 20 June 2012 13:26, Casey DeLorme <cdelorme@gmail.com> wrote:> From what I read it was less about speeds and more about hardware > compatibility, either it is supported by the routing package or it isn''t > (works/doesn''t). > > I had a discussion here, where someone mentioned a linux package that > supposedly had some support for a limited set of Wireless N devices: > http://forum.pfsense.org/index.php/topic,42205.0.html > > If you are worried about exposing murder to the www, then you might > consider turning fraud into a firewall, and bridging to fraud and back to > murder via lan, where the lanto share the connection with the wireless NIC. > The is entirely virtual and bridged only downside here is you aren''t > protecting murder/incest from anyone accessing your local network. > > If you go that route though, you can setup your interfaces like this (I > substituted the wifi name with "wifi" since I don''t know how those are seen > by the interfaces file): > > auto lo wan lan > iface lo inet loopback > iface eth0 inet manual > iface wan inet manual > bridged_ports eth0 > iface lan inet dhcp > bridged_ports wifi > > > You would pass both "wan" and "lan" to fraud. fraud would have some > firewall package and connect "wan" to "lan", and probably handle dhcp on > "lan". > > You could install the routing package on murder to broadcast the WAP, if > it supports bridged mode you could let fraud handle the dhcp, otherwise you > may have to add a dhcp server on murder as well. > > > Again that''ll only work if you aren''t overly concerned about local network > security, and if your onboard wireless is supported by the routing package. > > > On Wed, Jun 20, 2012 at 12:15 AM, Adrian May < > adrian.alexander.may@gmail.com> wrote: > >> Hi Guys, >> >> Thanks for your help so far. My mainboard is Asus E45M1 which has an AMD >> Fusion E450 processor (AMD-V but probably not Vi), one ethernet port and an >> onboard wireless N. I chose that over the Atom cos the latter has no HW >> virtualisation at all. >> >> One of my main goals is not to have a crappy wireless router in the house >> any more - I want to make my own so I don''t have to put up with the bugs >> they deliberately build into those things to make companies pay $500 for >> the "professional" ones. Fraud is supposed to be the wireless router. >> Anyway, I only have one ethernet slot on the board. >> >> Libel isn''t an issue - it can already see eth0 on which the modem is >> waiting to connect pppoe clients to servers supplying fixed or dynamic IP >> addresses. BTW, it''ll also provide an OpenVPN for friends with paranoid >> governments (either that or another box called treason will) who might want >> to bring it down, hence the insistence that it''s in no way connected to my >> domestic stuff. >> >> Seems like I have to settle for murder bringing up the wireless cos >> there''s no AMD-Vi. Does that mean I''ll get wireless N speeds or still have >> to put up with G? >> >> If murder sets up the wireless in /etc/network/interfaces, what next? >> >> I could just forget all about fraud and let murder do its jobs, but then >> I''d have dom0 connected directly to the jungle, which is extremely >> uncomfortable - I have all my family photos on incest and if some spammer >> hacked murder he wouldn''t even notice what he was bulldozing to make room >> for his spam list. Incest is the only thing I really need to protect. >> >> I could just about tolerate murder having a life on the domestic wireless >> network, but I really did want to keep it off the internet. I also had a >> plan to put up an open wireless network for friends and neighbours, but >> murder and incest would have to be protected from it. Maybe it''s just a >> case of being very careful with my iptables, but I''m not especially >> confident of my ability to make that tight. Some of those scripts on the >> internet are talking about weaknesses I never would have thought of. >> >> Adrian. >> >> >> On 20 June 2012 07:44, Casey DeLorme <cdelorme@gmail.com> wrote: >> >>> >>> Adrian, >>> >>> >>> Actually, what you are trying to achieve is not possible without IOMMU, >>> as a vif is just a bridged virtual interface. Your DomU needs direct >>> access to the physical card, using PCI Passthrough. For this both your CPU >>> and Motherboard must be IOMMU Compatible (VT-d for Intel, AMD-Vi for AMD). >>> >>> I have a similar configuration at home involving a PFSense router, >>> debian web server and multimedia virtual machine. To save you some time, >>> you probably won''t achieve Wireless N, this is because most routing >>> packages do not yet support it. As of March there were only a handful of >>> drivers, and the related chips were only featured in laptop wireless cards. >>> >>> >>> >>> So you are facing two problems: >>> >>> A. Do you have IOMMU Compliant Hardware? >>> >>> B. Is Wireless G Okay? >>> >>> >>> >>> Based on these machines: >>> >>> murder (dom0) >>> libel (domu web server) >>> fraud (domu router) >>> incest (file server domu?) >>> >>> These solutions are based on two assumptions: >>> >>> A. That fraud is to provide iinternet access for the connection >>> machines. >>> B. That libel and fraud will be using a routing device, but libel needs >>> a static IP. >>> >>> If not A then omit the WAN interface for fraud from the proposed >>> solutions. >>> If not B then add one extra interface for a separated WAN for libel. >>> >>> >>> >>> My proposed solution: >>> >>> Using two physical NIC''s you would bridge them using murder''s interfaces >>> file. You can tell murder to ignore these bridges so it remains a hermit >>> and doesn''t grab an IP. >>> >>> The bridges could be WAN and LAN. WAN can be passed to fraud and libel. >>> Assign a static IP in libel''s interfaces file. Let fraud receive a >>> dynamic IP from WAN. Connect the LAN bridge to fraud and to incest, and >>> have the physical NIC connect to a Wireless N router. >>> >>> Configure the Wireless N router to use bridged mode, and install a >>> routing package in fraud, because interfaces probably won''t do everything >>> you need it to for intranet management. >>> >>> >>> >>> Your Ideal Solution: >>> >>> To achieve exactly what you want, you need IOMMU to let murder remain a >>> hermit. >>> >>> You will need at least one physical known compatible wireless G device >>> and a routing package selected for fraud. >>> >>> You will need one physical NIC for libel, another physical NIC for fraud. >>> >>> You can pass one physical NIC to libel and assign a static IP using >>> libel''s interfaces file. >>> >>> You can pass a physical NIC to fraud for WAN and let it pull a dynamic >>> IP from another routing device. You can also pass the physical wireless G >>> card to fraud, and install the selected routing package to setup your WAP. >>> >>> For incest you can use another Wireless NIC to connect to fraud >>> wirelessly, or you will need two more physical NIC''s for fraud and for >>> incest and a cable to connect the two. >>> >>> >>> >>> I hope this helps get you started. >>> >>> ~Casey >>> >>> >>> >>> On Tue, Jun 19, 2012 at 12:36 PM, Alexandre Kouznetsov <alk@ondore.com>wrote: >>> >>>> Hello. >>>> >>>> El 19/06/12 10:06, Adrian May escribió: >>>> >>>> But I can''t see how I''m supposed to get the wireless NIC into xen at >>>>> all. >>>>> >>>> >>>> I believe Xen does not supports that low level interaction between a >>>> DomU and the hardware with some standard wrapper, like with wired Ethernet >>>> interface. >>>> >>>> Check if your Motherboard supports IOMMU. Probably your best shot would >>>> be passthrugh the whole WiFi card into Fraud. That is hopefully low level >>>> enough. >>>> >>>> http://wiki.xen.org/wiki/Xen_**PCI_Passthrough<http://wiki.xen.org/wiki/Xen_PCI_Passthrough> >>>> >>>> -- >>>> Alexandre Kouznetsov >>>> >>>> ______________________________**_________________ >>>> Xen-users mailing list >>>> Xen-users@lists.xen.org >>>> http://lists.xen.org/xen-users >>>> >>> >>> >>> _______________________________________________ >>> Xen-users mailing list >>> Xen-users@lists.xen.org >>> http://lists.xen.org/xen-users >>> >> >> >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Hello. El 19/06/12 23:15, Adrian May escribió:> Thanks for your help so far. My mainboard is Asus E45M1 which has an AMD > Fusion E450 processor (AMD-V but probably not Vi), one ethernet port and > an onboard wireless N.You probably want to check, if your Wireless card is really a PCI. It might be a USB, even if it''s not a separate device connected to a physical port. lspci ans lsusb are the tools. Asus use to (or at least used to) integrate onboard wifi and audio via USB interface instead of the usual PCI. If that is your case, obviously it''s not a PCI Passthrough what you need, but USB Passthrough. Works with HVM DomU, never tried with a PV DomU. (guys, don''t CC me, i read the list) -- Alexandre Kouznetsov
Hi Alexandre, It shows up in lspci. To get it to behave as a master, I had to use hostapd. I won''t really need xen to be aware of this one now - I just write some iptables on murder to NAT wireless traffic to ppp0 or route to and from incest. Thanks, Adrian. On 21 June 2012 01:16, Alexandre Kouznetsov <alk@ondore.com> wrote:> Hello. > > El 19/06/12 23:15, Adrian May escribió: > > Thanks for your help so far. My mainboard is Asus E45M1 which has an AMD >> Fusion E450 processor (AMD-V but probably not Vi), one ethernet port and >> an onboard wireless N. >> > You probably want to check, if your Wireless card is really a PCI. It > might be a USB, even if it''s not a separate device connected to a physical > port. lspci ans lsusb are the tools. > > Asus use to (or at least used to) integrate onboard wifi and audio via USB > interface instead of the usual PCI. If that is your case, obviously it''s > not a PCI Passthrough what you need, but USB Passthrough. Works with HVM > DomU, never tried with a PV DomU. > > (guys, don''t CC me, i read the list) > > > -- > Alexandre Kouznetsov > > ______________________________**_________________ > Xen-users mailing list > Xen-users@lists.xen.org > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users