I am starting from scratch and still cannot get this to work. Running freshly-installed Debian Wheezy. Only the SSH server was installed using Debian Installer (no desktop environment, etc.). After a successful install, I installed the xen-linux-system-3.2.0-2-amd64 and dnsmasq.

My /etc/network/interfaces:

    ...
    iface eth0 inet static
        address 10.1.20.1
        netmask 255.255.255.0

    allow-hotplug eth1
    iface eth1 inet static
        address w.x.y.z
        netmask 255.255.255.248
        gateway w.x.y.z

As you can see, eth0 is my LAN and eth1 is WAN. The box normally functions as a NAT router for everything on eth0 to connect to the Internet via eth1. However I have not installed those packages or changed my iptables to provide that functionality yet. This is still a bone stock installation of Debian and on dom0 I have Internet access and DNS is working.

dnsmasq has been configured to service DHCP requests and to listen on all available interfaces.

xen-create-image with appropriate parameters created me a DHCP virtual machine (also running wheezy and the 3.2.0 kernel) which starts successfully.

brctl show displays eth0 as a bridge connected to peth0 and vif4.0 (the ID of the PV VM). But the VM does not seem to have any kind of network access for some reason. The dom0 does not seem to be getting the DHCP requests from the VM. The VM never successfully obtains a DHCP lease. And even when I set static information in the VM, it is not able to ping the dom0. What am I doing wrong? I don't even know what information to post with this because I don't know where to try to start troubleshooting the problem. The key is, I don't want the VMs to have just Internet access (else I would bridge them to eth1). I want them to get full network access, including the ability to get DHCP from dom0.

Hello.

On 21/06/12 16:31, Eric Lindsey wrote:
> My /etc/network/interfaces:
> ...
> iface eth0 inet static
>     address 10.1.20.1
>     netmask 255.255.255.0
>
> allow-hotplug eth1
> iface eth1 inet static
>     address w.x.y.z
>     netmask 255.255.255.248
>     gateway w.x.y.z

There is a general recommendation to create the bridge(s) manually (or using your distribution's standard means), not using -network-bridge script. It gives a much more predictable result.

> As you can see, eth0 is my LAN and eth1 is WAN. The box normally functions as a NAT router for everything on eth0 to connect to the Internet via eth1. However I have not installed those packages or changed my iptables to provide that functionality yet. This is still a bone stock installation of Debian and on dom0 I have Internet access and DNS is working.
>
> dnsmasq has been configured to service DHCP requests and to listen on all available interfaces.

Even on WAN interface? Hm.

> xen-create-image with appropriate parameters created me a DHCP virtual machine (also running wheezy and the 3.2.0 kernel) which starts successfully.
>
> brctl show displays eth0 as a bridge connected to peth0 and vif4.0 (the ID of the PV VM). But the VM does not seem to have any kind of network access for some reason. The dom0 does not seem to be getting the DHCP requests from the VM. The VM never successfully obtains a DHCP lease. And even when I set static information in the VM, it is not able to ping the dom0. What am I doing wrong? I don't even know what information to post with this because I don't know where to try to start troubleshooting the problem. The key is, I don't want the VMs to have just Internet access (else I would bridge them to eth1). I want them to get full network access, including the ability to get DHCP from dom0.

Can you please show the "vif=" line from your DomU config file, the output of "xm list" and "brctl show"?

You also might want to check for netfilter configuration (iptables -L -v) and the "forward delay" parameter of your bridges.

--
Alexandre Kouznetsov

Sorry Alexandre I never did get used to that reply-to-list instead of reply-to-author. Anyhow, here's what I've done:

Restarting dnsmasq and giving the network time was the first thing I tried. Neither helped.

I built the bridge manually in the interfaces file, now my bridge is br0 (with the IP address), my physical Ethernet is eth0 and bridged (set to manual--no IP) and obviously eth1 still minding its own business in the WAN world.

I've also implemented my NAT script again to make sure there aren't any other issues I'm missing. My LAN computers are now successfully getting DHCP from www (my server) again and are reaching the Internet.

I've also hardcoded dnsmasq to listen on br0, instead of telling it everything except eth1.

Now, when I boot the VM I can see once again in my dom0 logs, a DHCPREQUEST on br0, and a DHCPOFFER also on br0. But the VM never sees it.

How can I use tcpdump to try and track down this problem?

Thanks for your help,
Eric Lindsey

On Jun 21, 2012, at 9:23 PM, Alexandre Kouznetsov <alk@ondore.com> wrote:
> Hi, Eric.
>
> This really should go to the list, but maybe your screenshot is not welcome there.
>
> 1. Try to restart dnsmasq, maybe the network topology changes on Dom0 confuse it (eth0 was a physical interface at first, now it's called peth0 and eth0 is a bridge).
> 2. Your low level configuration config looks good. Check how is your IP configuration: the bridge eth0 shall have the IP address assigned, not peth0.
> 3. Check, if the lack of response from DHCP server is persistent. The bridge probably has set a "forward delay" (10 sec by default), so the communication is not possible immediately after boot. Try to request DHCP configuration manually some time after the boot. Try static IP configuration and ping.
> 4. Diagnose what's happening on your network with tcpdump, it should be able to see all the traffic within the bridge.
>
> Consider creating the bridges from interfaces file, to avoid re-naming and keep the setup clear. Really, Xen's network-bridge script is crap.
>
> On 21/06/12 18:56, Eric Lindsey wrote:
>> Normally, dnsmasq is set to listen on all interfaces _except_ WAN. But I'm pulling my hair out trying to fix this so I removed even that restriction.
>>
>> Sorry for the screenshot but I'm mobile at the moment.
>
> --
> Alexandre Kouznetsov
> Systems Officer
> Ondore, S.A. de C.V.
> Tel. +52(55) 5559-0090
> E-mail alk@ondore.com

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Hello.

On 21/06/2012 09:21 p.m., Eric Lindsey wrote:
> My LAN computers are now successfully getting DHCP from www (my server) again and are reaching the Internet.

I assume, "www" is your Dom0, so the DHCP server is functional, after all.

> Now, when I boot the VM I can see once again in my dom0 logs, a DHCPREQUEST on br0, and a DHCPOFFER also on br0. But the VM never sees it.
>
> How can I use tcpdump to try and track down this problem?

On Dom0, run "tcpdump -ni br0" and watch for DHCP negotiation. You should see at least the request and the offer. Then, do the same on your DomU, using appropriate interface to sniff on. As you describe it, you probably will not see the DHCPOFFER.

That would isolate the problem to the DomU's failure to receive traffic. iptables INPUT rule prohibiting it, maybe?

What about static IP configuration on DomU, does it work?

This from dom0 (www):

15:39:30.506858 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:5a:65:3c, length 300
15:39:30.506993 IP 10.1.20.1.67 > 10.1.20.110.68: BOOTP/DHCP, Reply, length 305

Haha I can't install tcpdump on domU because it has no Internet access. Assigned static information on domU in /etc/network/interfaces, and everything is golden. DNS works, Internet works, network works!

So, now that I've used static information to download tcpdump on guest domU, let's switch back to DHCP and see what happens... It looks like domU is seeing the DHCP reply, but not acting on it.

Here's from domU (note this is a mix of output from ifup and tcpdump):

DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
15:50:07.082944 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:5a:65:3c, length 300
15:50:07.083135 IP 10.1.20.1.67 > 10.1.20.110.68: BOOTP/DHCP, Reply, length 305
15:50:08.354312 IP6 fe80::9006:8743:d996:7029.57926 > ff02::c.1900: UDP, length 146
15:50:11.354221 IP6 fe80::9006:8743:d996:7029.57926 > ff02::c.1900: UDP, length 146
No DHCPOFFERS received.
Unable to obtain a lease on first try. Exiting.
Failed to bring up eth0.

Is my dom0 trying to send the DHCPOFFER directly to a specific IP address (10.1.20.110 from the look of things) when the eth0 interface on domU doesn't have an address yet (hence the DHCP request)?

On Fri, Jun 22, 2012 at 12:53 AM, Alexandre Kouznetsov <alk@ondore.com> wrote:
> Hello.
>
> On 21/06/2012 09:21 p.m., Eric Lindsey wrote:
>
>> My LAN computers are now successfully getting DHCP from www (my server)
>> again and are reaching the Internet.
>
> I assume, "www" is your Dom0, so the DHCP server is functional, after all.
>
>> Now, when I boot the VM I can see once again in my dom0 logs, a
>> DHCPREQUEST on br0, and a DHCPOFFER also on br0. But the VM never sees it.
>>
>> How can I use tcpdump to try and track down this problem?
>
> On Dom0, run "tcpdump -ni br0" and watch for DHCP negotiation. You should
> see at least the request and the offer. Then, do the same on your DomU,
> using appropriate interface to sniff on. As you describe it, you probably
> will not see the DHCPOFFER.
>
> That would isolate the problem to the DomU's failure to receive traffic.
> iptables INPUT rule prohibiting it, maybe?
>
> What about static IP configuration on DomU, does it work?

Eric Lindsey wrote:
> 15:50:07.083135 IP 10.1.20.1.67 > 10.1.20.110.68: BOOTP/DHCP, Reply, length 305
...
> Is my dom0 trying to send the DHCPOFFER directly to a specific IP
> address (10.1.20.110 from the look of things) when the eth0 interface
> on domU doesn't have an address yet (hence the DHCP request)?

It certainly looks that way.

--
Simon Hobson

On 22/06/12 14:54, Eric Lindsey wrote:
> This from dom0 (www):
> 15:39:30.506858 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:5a:65:3c, length 300
> 15:39:30.506993 IP 10.1.20.1.67 > 10.1.20.110.68: BOOTP/DHCP, Reply, length 305

Your exchange is abnormal. Take a look at this good one:

15:46:25.031591 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:26:6c:10:5a:4d, length 300
15:46:26.002892 IP 10.13.36.253.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
15:46:26.004265 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:26:6c:10:5a:4d, length 316
15:46:26.033630 IP 10.13.36.253.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 305

There are four messages involved:

Client: I need IP! (DHCPDISCOVER)
Server: have X available for you (DHCPOFFER)
Client: I request X! (DHCPREQUEST)
Server: your use of X is acknowledged (DHCPACK)

After that, the client only renews the lease, so the server is aware of this lease still being needed. They only exchange DHCPREQUEST and DHCPREQUEST, unless a DHCPREQUEST is denied for some reason.

So, in your case, there are two details:
1. Only two messages are visible, not four.
2. DHCP server sends reply to 10.1.20.110.68, not 255.255.255.255.68

I think your dnsmasq is treating your client as if it had a valid lease, while your client feels completely new. Probably, cleaning the leases cache would solve the issue (/var/lib/misc/dnsmasq.leases). Check your Dnsmasq configuration to make sure this does not happen again.

> Haha I can't install tcpdump on domU because it has no Internet access.
> Assigned static information on domU in /etc/network/interfaces, and
> everything is golden. DNS works, Internet works, network works!

That isolates the issue to DHCP service, converting this thread into an offtopic (:

> Is my dom0 trying to send the DHCPOFFER directly to a specific IP
> address (10.1.20.110 from the look of things) when the eth0 interface
> on domU doesn't have an address yet (hence the DHCP request)?

That's the point.

--
Alexandre Kouznetsov
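
Added example, not part of the thread or written by any of its participants: a small Python parser for non-verbose "tcpdump -n" DHCP lines like the two captures quoted above, reporting how many requests and replies were seen and where each reply was addressed. The function name and the "complete" heuristic (two request/reply round trips, following the four-message description above) are assumptions of this example.

```python
import re

# Non-verbose `tcpdump -n` BOOTP/DHCP line, in the format quoted in this thread.
# Without -v tcpdump prints only the BOOTP op (Request/Reply), not the DHCP
# message type, so DISCOVER vs REQUEST and OFFER vs ACK cannot be told apart here.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): BOOTP/DHCP, (?P<kind>Request|Reply)"
)

def summarize_dhcp(capture):
    """Count client requests and server replies; record each reply's destination."""
    s = {"requests": 0, "replies": 0, "broadcast_replies": 0, "unicast_reply_dsts": []}
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ifup/dhclient messages, IPv6 multicast noise, etc.
        if m["kind"] == "Request" and m["dport"] == "67":
            s["requests"] += 1
        elif m["kind"] == "Reply" and m["dport"] == "68":
            s["replies"] += 1
            if m["dst"] == "255.255.255.255":
                s["broadcast_replies"] += 1
            else:
                s["unicast_reply_dsts"].append(m["dst"])
    # Heuristic (assumption): a new lease needs two request/reply round trips.
    s["complete"] = s["requests"] >= 2 and s["replies"] >= 2
    return s

# domU capture copied from the thread (mixed ifup and tcpdump output).
DOMU_CAPTURE = """\
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
15:50:07.082944 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:5a:65:3c, length 300
15:50:07.083135 IP 10.1.20.1.67 > 10.1.20.110.68: BOOTP/DHCP, Reply, length 305
15:50:08.354312 IP6 fe80::9006:8743:d996:7029.57926 > ff02::c.1900: UDP, length 146
No DHCPOFFERS received.
"""

# Reference capture copied from the thread.
GOOD_CAPTURE = """\
15:46:25.031591 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:26:6c:10:5a:4d, length 300
15:46:26.002892 IP 10.13.36.253.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
15:46:26.004265 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:26:6c:10:5a:4d, length 316
15:46:26.033630 IP 10.13.36.253.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 305
"""

if __name__ == "__main__":
    for name, cap in (("domU", DOMU_CAPTURE), ("reference", GOOD_CAPTURE)):
        print(name, summarize_dhcp(cap))
```

Running tcpdump with -v on the same interface additionally prints the DHCP options, including the message type, which this parser does not attempt to read.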