Hi,
I'm using xen in bridged mode with following configuration:
Four zones: fw, loc, dmz, net
dom0 10.12.123.2 connected via bridge "brloc" to firewall (domU1)
10.12.123.1 (eth1)- this link is fine I can ping them in both directions.
Physically, eth0 at dom0 is connected to the network of hosting company. I have
this interface unconfigured at dom0 and bridged it directly to eth0 at domU1. I
configure statically this interface at domU1 via bridge breth.
I had network connectivity from domU1 and it was working fine. I left the setup
for some time and it's not working anymore. I did not change anything.
My hosting company is hetzner. I asked support, and they said that MAC is bound
to IP and all other packets are discarded at the router. I'm not sure
though if MAC is a problem. Let's look at configuration files:
*****************dom0********************************
/etc/network/interfaces:
auto lo
iface lo inet loopback
iface eth0 inet manual
#bridge for domU1 net connection
auto breth
iface breth inet manual
bridge_ports eth0
bridge_maxwait 5
auto brloc
iface brloc inet static
bridge_ports none
address 10.12.123.2
netmask 255.255.255.0
gateway 10.12.123.1
bridge_maxwait 5
auto brdmz
iface brdmz inet manual
bridge_ports none
bridge_maxwait 5
# grep ^[^#] /etc/xen/xend-config.sxp
(vif-script vif-bridge)
(dom0-min-mem 196)
(enable-dom0-ballooning yes)
(total_available_memory 0)
(dom0-cpus 0)
(vncpasswd '')
# cat /etc/xen/fw.cfg
kernel = '/boot/vmlinuz-3.2.0-0.bpo.2-amd64'
ramdisk = '/boot/initrd.img-3.2.0-0.bpo.2-amd64'
vcpus = '1'
memory = '256'
#
# Disk device(s).
#
root = '/dev/xvda2 ro'
disk = [
'phy:/dev/vg0/fw-disk,xvda2,w',
'phy:/dev/vg0/fw-swap,xvda1,w',
]
#
# Physical volumes
#
#
# Hostname
#
name = 'fw'
#
# Networking
#
vif = [
'bridge=breth,ip=7.5.7.202,mac=00:16:3E:97:7B:9C','bridge=brloc,mac=00:16:3e:07:d2:0f',
'bridge=brdmz,mac=00:16:3e:07:d2:10' ]
#
# Behaviour
#
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
# brctl show
bridge name bridge id STP enabled interfaces
brdmz 8000.feffffffffff no vif1.2
breth 8000.c860008dbc96 no eth0
vif1.0
brloc 8000.feffffffffff no vif1.1
#ifconfig
brdmz Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::9010:7cff:febf:ac00/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:384 (384.0 B) TX bytes:1328 (1.2 KiB)
breth Link encap:Ethernet HWaddr c8:60:00:xx:xx:xx
inet6 addr: fe80::ca60:ff:xxxx:xxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:935 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:34884 (34.0 KiB) TX bytes:1492 (1.4 KiB)
brloc Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet addr:10.12.123.2 Bcast:10.12.123.255 Mask:255.255.255.0
inet6 addr: fe80::7432:8eff:fec6:a203/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:347 errors:0 dropped:0 overruns:0 frame:0
TX packets:595 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29576 (28.8 KiB) TX bytes:36722 (35.8 KiB)
eth0 Link encap:Ethernet HWaddr c8:60:00:xx:xx:xx
inet6 addr: fe80::ca60:ff:xxxx:xxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:534 errors:0 dropped:41 overruns:0 frame:0
TX packets:500 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34561 (33.7 KiB) TX bytes:32628 (31.8 KiB)
Interrupt:17 Memory:fe500000-fe520000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:171 errors:0 dropped:0 overruns:0 frame:0
TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15481 (15.1 KiB) TX bytes:15481 (15.1 KiB)
vif1.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:472 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:13740 (13.4 KiB) TX bytes:1843 (1.7 KiB)
vif1.1 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:354 errors:0 dropped:0 overruns:0 frame:0
TX packets:365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:30080 (29.3 KiB) TX bytes:27006 (26.3 KiB)
vif1.2 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:888 (888.0 B) TX bytes:1524 (1.4 KiB)
# cat /etc/sysctl.conf
# sysctl config
net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=1
net.ipv4.conf.all.proxy_arp=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
**************************domU1***********************
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:142 errors:0 dropped:0 overruns:0 frame:0
TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12872 (12.5 KiB) TX bytes:12872 (12.5 KiB)
eth0 Link encap:Ethernet HWaddr 00:16:3e:07:d2:01
inet addr:7.5.7.202 Bcast:7.5.7.223 Mask:255.255.255.224
inet6 addr: fe80::216:3eff:fe07:d201/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:527 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1569 (1.5 KiB) TX bytes:22702 (22.1 KiB)
Interrupt:23
eth1 Link encap:Ethernet HWaddr 00:16:3e:07:d2:0f
inet addr:10.12.123.1 Bcast:10.12.123.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe07:d20f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:408 errors:0 dropped:0 overruns:0 frame:0
TX packets:392 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24348 (23.7 KiB) TX bytes:38639 (37.7 KiB)
Interrupt:24
eth2 Link encap:Ethernet HWaddr 00:16:3e:07:d2:10
inet addr:10.12.120.1 Bcast:10.12.120.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe07:d210/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1320 (1.2 KiB) TX bytes:1156 (1.1 KiB)
Interrupt:25
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 7.5.7.202 icmp_seq=2 Destination Host Unreachable
From 7.5.7.202 icmp_seq=3 Destination Host Unreachable
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, +2 errors, 100% packet loss, time 3015ms
pipe 2
#cat /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=1
What can be the reason ?
Hello.

On 17/07/12 06:50, Sławek Kosowski wrote:
> [...]
> vif = [ 'bridge=breth,ip=7.5.7.202,mac=00:16:3E:97:7B:9C','bridge=brloc,mac=00:16:3e:07:d2:0f',
> 'bridge=brdmz,mac=00:16:3e:07:d2:10' ]
> [...]
>
> # brctl show
> bridge name bridge id STP enabled interfaces
> brdmz 8000.feffffffffff no vif1.2
> breth 8000.c860008dbc96 no eth0
> vif1.0
> brloc 8000.feffffffffff no vif1.1
> [...]
>
> **************************domU1***********************
> eth0 Link encap:Ethernet HWaddr 00:16:3e:07:d2:01
> inet addr:7.5.7.202 Bcast:7.5.7.223 Mask:255.255.255.224
> inet6 addr: fe80::216:3eff:fe07:d201/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:29 errors:0 dropped:0 overruns:0 frame:0
> TX packets:527 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1569 (1.5 KiB) TX bytes:22702 (22.1 KiB)
> Interrupt:23

As I can see, DomU's eth0 has a different MAC address than the one you specified in the config. Find out why it has changed, that is probably the root of the trouble you are dealing with. See DomU dmesg and syslog.

Make sure which is the MAC your ISP knows as the good one, to let you out.

--
Alexandre Kouznetsov

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
Thanks Alexandre,
I must have changed something wrong in the log.
It's OK in the /etc/xen/fw.cfg:
vif = ['bridge=breth,ip=7.5.7.202, mac=00:16:3e:07:d2:01 [...]

Excuse me for misunderstanding
On 17/07/12 11:36, Sławek Kosowski wrote:
> Thanks Alexandre,
> I must have changed something wrong in the log.
> It's OK in the /etc/xen/fw.cfg:
> vif = ['bridge=breth,ip=7.5.7.202, mac=00:16:3e:07:d2:01 [...]
>
> Excuse me for misunderstanding

Anyway, I assume it is still not working.

Is "00:16:3e:07:d2:01" the MAC your ISP knows and trusts?

Install tcpdump on your Dom0 and sniff the traffic on breth and eth0. Make sure the outgoing traffic (a) is there, (b) has correct IP and MAC information. As you mentioned that you have changed nothing, then it's probably your ISP's fault. The tcpdump log would work as "troubleshooting evidence" with them.

tcpdump -e -i breth
tcpdump -e -i eth0

Then ping some IP from your DomU. Start with your default uplink gateway.

Take into account that a paranoid ISP configuration may react to a MAC change or if it sees more than one MAC on the port, which is your case: they can "see" on layer2 level your Dom0's MAC and your DomU's MAC, and think you are doing something weird.

--
Alexandre Kouznetsov
Don't know why my /etc/xen/fw.cfg changed, but MAC is the same in
config as in created VM:
To sum up:
dom0:
ifconfig:
eth0 Link encap:Ethernet HWaddr c8:60:00:8d:bc:96
inet6 addr: fe80::ca60:ff:fe8d:bc96/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66 errors:0 dropped:35 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4515 (4.4 KiB) TX bytes:5144 (5.0 KiB)
Interrupt:17 Memory:fe500000-fe520000
breth Link encap:Ethernet HWaddr c8:60:00:8d:bc:96
inet6 addr: fe80::ca60:ff:fe8d:bc96/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:228 (228.0 B) TX bytes:812 (812.0 B)
vif1.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:44 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:1536 (1.5 KiB) TX bytes:864 (864.0 B)
vif1.1 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 B) TX bytes:2202 (2.1 KiB)
sysctl.conf:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
BUT: cat /proc/sys/net/ipv4/conf/eth0/proxy_arp
0
echoing 1 does not change anything
tcpdump for breth:
22:25:06.026447 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:25:06.027020 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:25:07.026463 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:25:07.029365 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:25:11.027014 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:25:11.027697 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:25:12.026465 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:25:12.027232 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:25:13.026365 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:25:13.029238 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
tcpdump for eth0
22:26:01.025894 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:26:01.029518 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:26:02.022412 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:26:02.025598 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:26:02.575805 c8:60:00:8d:bc:96 (oui Unknown) > 01:00:5e:00:00:01 (oui
Unknown), ethertype IPv4 (0x0800), length 46: 0.0.0.0 > 224.0.0.1: igmp query
v2
22:26:02.575811 c8:60:00:8d:bc:96 (oui Unknown) > 33:33:00:00:00:01 (oui
Unknown), ethertype IPv6 (0x86dd), length 86: fe80::ca60:ff:fe8d:bc96 >
ip6-allnodes: HBH ICMP6, multicast listener querymax resp delay: 1000 addr: ::,
length 24
22:26:03.022481 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
22:26:03.023324 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui
Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at
78:fe:3d:47:19:12 (oui Unknown), length 46
22:26:06.031398 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP
(0x0806), length 42: Request who-has 7.5.7.193 tell dom0_prod, length 28
dmesg | tail shows:
[ 843.499924] xt_physdev: using --physdev-out in the OUTPUT, FORWARD and
POSTROUTING chains for non-bridged traffic is not supported anymore.
domU1 (firewall):
eth0 Link encap:Ethernet HWaddr 00:16:3e:97:7b:9c
inet addr:7.5.7.202 Bcast:7.5.7.223 Mask:255.255.255.224
inet6 addr: fe80::216:3eff:fe97:7b9c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:696 (696.0 B) TX bytes:2152 (2.1 KiB)
Interrupt:23
ping 7.5.7.193 (gateway):
PING 7.5.7.193 (7.5.7.193) 56(84) bytes of data.
From 7.5.7.202 icmp_seq=1 Destination Host Unreachable
From 7.5.7.202 icmp_seq=2 Destination Host Unreachable
--- 7.5.7.193 ping statistics ---
4 packets transmitted, 0 received, +2 errors, 100% packet loss, time 2999ms
pipe 2
sysctl.conf:
net.ipv4.ip_forward = 1
the mac at eth0 at dom0 (C6:60:00:8D:BC:96) is allowed by my hosting company
together with my IP 7.5.7.202
Looks like eth0 at domU1 makes ARP, GW responds to eth0 at dom0, but this one
does not proxy it to domU1 ?
Thanks for help
It's been solved by ebtables at dom0:
http://ebtables.sourceforge.net/examples/basic.html#ex_nat

Thanks for help
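
Added example, not part of the original thread (the poster's actual ebtables rules are not shown): a script that finds the symptom visible in the captures above, an ARP reply addressed to a different MAC than the one that asked, and prints dom0 MAC NAT rules of the kind the linked ebtables page describes. The sample lines are constructed from the thread's values in `tcpdump -e -n` form; treating the reply's destination MAC as the provider-registered one and `eth0` as the uplink port are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed from values in the thread
# (tcpdump -e -n format, one frame per line); it is not a real capture.
SAMPLE='22:25:06.026447 00:16:3e:97:7b:9c (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 7.5.7.193 tell 7.5.7.202, length 28
22:25:06.027020 78:fe:3d:47:19:12 (oui Unknown) > c8:60:00:8d:bc:96 (oui Unknown), ethertype ARP (0x0806), length 60: Reply 7.5.7.193 is-at 78:fe:3d:47:19:12 (oui Unknown), length 46'

# Read tcpdump -e lines on stdin. For every ARP reply that was addressed to a
# MAC other than the one that sent the matching request, print one line:
#   <requester MAC> <reply destination MAC> <requester IP>
arp_mismatch() {
    awk '
    function field_after(word,   i) {
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    / Request who-has / {
        ip = field_after("who-has")
        asker_ip = field_after("tell"); sub(/,$/, "", asker_ip)
        req_mac[ip] = tolower($2); req_ip[ip] = asker_ip
    }
    / Reply / {
        ip = field_after("Reply")
        dst = tolower(field_after(">")); sub(/,$/, "", dst)
        if ((ip in req_mac) && dst != req_mac[ip] && !seen[ip, dst]++)
            print req_mac[ip], dst, req_ip[ip]
    }'
}

# Print (do not apply) bridge-level MAC NAT rules for dom0, so that only the
# registered MAC appears upstream and replies are handed back to the guest.
# $1 uplink bridge port, $2 registered MAC, $3 guest MAC, $4 guest IP.
mac_nat_rules() {
    echo "ebtables -t nat -A POSTROUTING -o $1 -s $3 -j snat --to-source $2 --snat-arp --snat-target ACCEPT"
    echo "ebtables -t nat -A PREROUTING -i $1 -p IPv4 --ip-dst $4 -j dnat --to-destination $3 --dnat-target ACCEPT"
    echo "ebtables -t nat -A PREROUTING -i $1 -p ARP --arp-ip-dst $4 -j dnat --to-destination $3 --dnat-target ACCEPT"
}

# Demo on the constructed sample: report each mismatch and the matching rules.
printf '%s\n' "$SAMPLE" | arp_mismatch | while read -r guest_mac reg_mac guest_ip; do
    echo "ARP reply for $guest_ip went to $reg_mac, but the request came from $guest_mac"
    mac_nat_rules eth0 "$reg_mac" "$guest_mac" "$guest_ip"
done
```

On a live dom0 the input would come from `tcpdump -e -n -i eth0 arp` instead of `SAMPLE`, and the printed rules should be reviewed before being run as root.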
I want to have my domains shut down instead of saved on dom0 poweroff/reboot.
I have *.cfg symlinked to /etc/xen/auto

I've modified:

# vi /etc/default/xendomains

#XENDOMAINS_SAVE=/var/lib/xen/save
XENDOMAINS_SAVE=""

#XENDOMAINS_RESTORE=true
XENDOMAINS_RESTORE=false

But when I reboot, the domUs do not start.
Can anyone help?

Regards
Slawomir
I would try this:

#virsh autostart <yourdomU>

Sławek Kosowski wrote:
> I want to have my domains shut down instead of saved on dom0
> poweroff/reboot. I have *.cfg symlinked to /etc/xen/auto
>
> I've modified:
>
> # vi /etc/default/xendomains
>
> #XENDOMAINS_SAVE=/var/lib/xen/save
> XENDOMAINS_SAVE=""
>
> #XENDOMAINS_RESTORE=true
> XENDOMAINS_RESTORE=false
>
> But when I reboot, the domUs do not start.
> Can anyone help?
>
> Regards
> Slawomir
On 09/08/12 08:02, Sławek Kosowski wrote:
> I want to have my domains shut down instead of saved on dom0 poweroff/reboot.
> I have *.cfg symlinked to /etc/xen/auto
>
> I've modified:
>
> # vi /etc/default/xendomains
>
> #XENDOMAINS_SAVE=/var/lib/xen/save
> XENDOMAINS_SAVE=""
>
> #XENDOMAINS_RESTORE=true
> XENDOMAINS_RESTORE=false
>

The autostart is controlled from /etc/default/xendomains:

XENDOMAINS_AUTO=/etc/xen/auto

It is supposed to be set that way by default. If you have not modified this setting, and it still doesn't work, /var/log/xen/xend.log and /var/log/xen/xend-debug.log are your best advisors.

--
Alexandre Kouznetsov