Hi, I have a new xen hosting platform. I have given the bridge a static IP which I can ping/ssh to etc, when I create a new vm all works well apart from the networking. If I give DomU a static IP I can''t ping out from the box, Dom0 can''t ping the vm. I''m suspecting it just isn''t seeing the bridge but am unsure where to start looking. This is a very standard setup, 1 bridge: xenbr0 Here''s a config file for a windows guest but I get the same with windows or debian guests. cat windows8.cfg kernel = "/usr/lib/xen-4.0/boot/hvmloader" builder=''hvm'' memory = 4096 vcpus=1 name = "Windows8" vif = [''bridge=xenbr0''] disk = [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r''] acpi = 1 device_model = ''qemu-dm'' boot="d" sdl=0 serial=''pty'' vnc=1 vnclisten="0.0.0.0" vncpasswd="" usbdevice=''tablet'' _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Hi Simon, what does "brctl show" show? It should show xenbr0 and some vifX.Y (which is domU interface) device. Jan Dne 20.5.2013 13:36, Simon Jones napsal(a):> > Hi, I have a new xen hosting platform. I have given the bridge a > static IP which I can ping/ssh to etc, when I create a new vm all > works well apart from the networking. If I give DomU a static IP I > can''t ping out from the box, Dom0 can''t ping the vm. I''m suspecting > it just isn''t seeing the bridge but am unsure where to start looking. > This is a very standard setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest but I get the same with > windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk = > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xen.org > http://lists.xen.org/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From: xen-users-bounces@lists.xen.org [mailto:xen-users-bounces@lists.xen.org]
On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\usr\src\windows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
I suppose domU ID you described is 7, isn''t it? Is the other domU - id 14 - able to reach the dom0 with ping? Dne 20.5.2013 14:09, Simon Jones napsal(a):> > Hi Jan, > > Thanks -- I should have included that but here you go; > > bridge name bridge id STP enabled interfaces > > xenbr0 8000.00e081465f38 no eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > [mailto:xen-users-bounces@lists.xen.org] *On Behalf Of *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Hi Simon, > > what does "brctl show" show? It should show xenbr0 and some vifX.Y > (which is domU interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I have given the bridge a > static IP which I can ping/ssh to etc, when I create a new vm all > works well apart from the networking. If I give DomU a static IP > I can''t ping out from the box, Dom0 can''t ping the vm. I''m > suspecting it just isn''t seeing the bridge but am unsure where to > start looking. This is a very standard setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest but I get the same with > windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
ID 7 is a debian test vm I set up, I just reconfigured the networking on it and
rebooted, now this one can ping dom0 static IP and receives a reply. No reply
when I try and ping the other windows guest, also get a reply when pinging the
default gateway, all are on the same network.
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:545 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB)
Interrupt:17
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
I suppose domU ID you described is 7, isn''t it? Is the other domU - id
14 - able to reach the dom0 with ping?
Dne 20.5.2013 14:09, Simon Jones napsal(a):
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From:
xen-users-bounces@lists.xen.org<mailto:xen-users-bounces@lists.xen.org>
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
Thanks. So Debian domU works, that''s good to know. Can you please post "ipconfig /all" from Windows 8 domU? Can you also please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event viewer) for errors? Dne 20.5.2013 14:23, Simon Jones napsal(a):> > ID 7 is a debian test vm I set up, I just reconfigured the networking > on it and rebooted, now this one can ping dom0 static IP and receives > a reply. No reply when I try and ping the other windows guest, also > get a reply when pinging the default gateway, all are on the same network. > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:545 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB) > > Interrupt:17 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:15 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > I suppose domU ID you described is 7, isn''t it? Is the other domU - id > 14 - able to reach the dom0 with ping? > > Dne 20.5.2013 14:09, Simon Jones napsal(a): > > Hi Jan, > > Thanks -- I should have included that but here you go; > > bridge name bridge id STP enabled interfaces > > xenbr0 8000.00e081465f38 no eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > <mailto:xen-users-bounces@lists.xen.org> > [mailto:xen-users-bounces@lists.xen.org] *On Behalf Of *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Hi Simon, > > what does "brctl show" show? It should show xenbr0 and some vifX.Y > (which is domU interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I have given the > bridge a static IP which I can ping/ssh to etc, when I create > a new vm all works well apart from the networking. If I give > DomU a static IP I can''t ping out from the box, Dom0 can''t > ping the vm. I''m suspecting it just isn''t seeing the bridge > but am unsure where to start looking. This is a very standard > setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest but I get the same > with windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
On 20/05/13 22:23, Simon Jones wrote:> > ID 7 is a debian test vm I set up, I just reconfigured the networking > on it and rebooted, now this one can ping dom0 static IP and receives > a reply. No reply when I try and ping the other windows guest, also > get a reply when pinging the default gateway, all are on the same network. > > > >Have you installed the GPLPV drivers in the windows domU? Can you show the output of "ipconfig /all" from the windows machine (command prompt) Regards, Adam -- Adam Goryachev Website Managers www.websitemanagers.com.au _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
The windows guest can also ping dom0 but again, can''t ping the gateway
or anything else other than Dom0''s IP. I can only get vnc to the
windows machine and as such can''t copy/paste the output from ipconfig
/all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / gateway
195.2.139.1 and our public recursor dns servers 195.2.130.8 / 200, should I
check for something in particular?
Here''s how dom0 is configured;
# The loopback interface
auto lo
iface lo inet loopback
# Bridge Static Configuration
# (network, broadcast and gateway are optional)
auto xenbr0
iface xenbr0 inet static
bridge_ports eth1
address 195.2.139.4
broadcast 195.2.139.255
netmask 255.255.255.0
network 195.2.139.0
gateway 195.2.139.1
#Eth0 Static Configuration
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
Eth1 is the public port on the WAN and Eth0 is just our back-end admin lan so
you can ignore that. Dom0 works great, I can ping our and resolve DNS, ssh in
from my office, all good. The DomU''s just aren''t picking up
the default gateway by the looks of it but CAN ping and reply to Dom0''s
IP 195.2.139.4
When I try and ping the gateway 195.2.139.1 from the debian vm I get
From 195.2.139.170 icmp_seq=684 Destination Host Unreachable
195.2.139.170 is the static Ip given to the debian vm;
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.170 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3126 errors:0 dropped:0 overruns:0 frame:0
TX packets:902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:672 (672.0 B) TX bytes:672 (672.0 B)
Here''s some stuff from /var/log/messages so the bridge seems ok;
May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) entering
forwarding state
May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered promiscuous
mode
May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) entering
learning state
May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, event-channel
13, protocol 1 (x86_64-abi)
May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, event-channel
14, protocol 1 (x86_64-abi)
May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) entering
forwarding state
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:35
To: Simon Jones
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. So Debian domU works, that''s good to know.
Can you please post "ipconfig /all" from Windows 8 domU? Can you also
please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event
viewer) for errors?
Dne 20.5.2013 14:23, Simon Jones napsal(a):
ID 7 is a debian test vm I set up, I just reconfigured the networking on it and
rebooted, now this one can ping dom0 static IP and receives a reply. No reply
when I try and ping the other windows guest, also get a reply when pinging the
default gateway, all are on the same network.
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:545 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB)
Interrupt:17
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
I suppose domU ID you described is 7, isn''t it? Is the other domU - id
14 - able to reach the dom0 with ping?
Dne 20.5.2013 14:09, Simon Jones napsal(a):
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From:
xen-users-bounces@lists.xen.org<mailto:xen-users-bounces@lists.xen.org>
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
Thanks. It''s more clearer now. :) What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set to 1. Dne 20.5.2013 14:57, Simon Jones napsal(a):> > The windows guest can also ping dom0 but again, can''t ping the gateway > or anything else other than Dom0''s IP. I can only get vnc to the > windows machine and as such can''t copy/paste the output from ipconfig > /all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / > gateway 195.2.139.1 and our public recursor dns servers 195.2.130.8 / > 200, should I check for something in particular? > > Here''s how dom0 is configured; > > # The loopback interface > > auto lo > > iface lo inet loopback > > # Bridge Static Configuration > > # (network, broadcast and gateway are optional) > > auto xenbr0 > > iface xenbr0 inet static > > bridge_ports eth1 > > address 195.2.139.4 > > broadcast 195.2.139.255 > > netmask 255.255.255.0 > > network 195.2.139.0 > > gateway 195.2.139.1 > > #Eth0 Static Configuration > > auto eth0 > > iface eth0 inet static > > address 192.168.2.4 > > netmask 255.255.255.0 > > Eth1 is the public port on the WAN and Eth0 is just our back-end admin > lan so you can ignore that. Dom0 works great, I can ping our and > resolve DNS, ssh in from my office, all good. The DomU''s just aren''t > picking up the default gateway by the looks of it but CAN ping and > reply to Dom0''s IP 195.2.139.4 > > When I try and ping the gateway 195.2.139.1 from the debian vm I get > > From 195.2.139.170 icmp_seq=684 Destination Host Unreachable > > 195.2.139.170 is the static Ip given to the debian vm; > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.170 Bcast:195.2.139.255 Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3126 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:902 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB) > > Interrupt:17 > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:6 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:672 (672.0 B) TX bytes:672 (672.0 B) > > Here''s some stuff from /var/log/messages so the bridge seems ok; > > May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) > entering forwarding state > > May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) > entering disabled state > > May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) > entering disabled state > > May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered > promiscuous mode > > May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) > entering learning state > > May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, > event-channel 13, protocol 1 (x86_64-abi) > > May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, > event-channel 14, protocol 1 (x86_64-abi) > > May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) > entering forwarding state > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. So Debian domU works, that''s good to know. > > Can you please post "ipconfig /all" from Windows 8 domU? Can you also > please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows > event viewer) for errors? > > Dne 20.5.2013 14:23, Simon Jones napsal(a): > > ID 7 is a debian test vm I set up, I just reconfigured the > networking on it and rebooted, now this one can ping dom0 static > IP and receives a reply. No reply when I try and ping the other > windows guest, also get a reply when pinging the default gateway, > all are on the same network. > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.213 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:545 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB) > > Interrupt:17 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:15 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > I suppose domU ID you described is 7, isn''t it? Is the other domU > - id 14 - able to reach the dom0 with ping? > > Dne 20.5.2013 14:09, Simon Jones napsal(a): > > Hi Jan, > > Thanks -- I should have included that but here you go; > > bridge name bridge id STP enabled interfaces > > xenbr0 8000.00e081465f38 no eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > <mailto:xen-users-bounces@lists.xen.org> > [mailto:xen-users-bounces@lists.xen.org] *On Behalf Of *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Hi Simon, > > what does "brctl show" show? It should show xenbr0 and some > vifX.Y (which is domU interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I have given the > bridge a static IP which I can ping/ssh to etc, when I > create a new vm all works well apart from the networking. > If I give DomU a static IP I can''t ping out from the box, > Dom0 can''t ping the vm. I''m suspecting it just isn''t > seeing the bridge but am unsure where to start looking. > This is a very standard setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest but I get the > same with windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Aha! It''s set to 0,
echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still
can''t ping anything other than Dom0 ip on both guests though.
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:02
To: Simon Jones
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. It''s more clearer now. :)
What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set
to 1.
Dne 20.5.2013 14:57, Simon Jones napsal(a):
The windows guest can also ping dom0 but again, can''t ping the gateway
or anything else other than Dom0''s IP. I can only get vnc to the
windows machine and as such can''t copy/paste the output from ipconfig
/all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / gateway
195.2.139.1 and our public recursor dns servers 195.2.130.8 / 200, should I
check for something in particular?
Here''s how dom0 is configured;
# The loopback interface
auto lo
iface lo inet loopback
# Bridge Static Configuration
# (network, broadcast and gateway are optional)
auto xenbr0
iface xenbr0 inet static
bridge_ports eth1
address 195.2.139.4
broadcast 195.2.139.255
netmask 255.255.255.0
network 195.2.139.0
gateway 195.2.139.1
#Eth0 Static Configuration
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
Eth1 is the public port on the WAN and Eth0 is just our back-end admin lan so
you can ignore that. Dom0 works great, I can ping our and resolve DNS, ssh in
from my office, all good. The DomU''s just aren''t picking up
the default gateway by the looks of it but CAN ping and reply to Dom0''s
IP 195.2.139.4
When I try and ping the gateway 195.2.139.1 from the debian vm I get
From 195.2.139.170 icmp_seq=684 Destination Host Unreachable
195.2.139.170 is the static Ip given to the debian vm;
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.170 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3126 errors:0 dropped:0 overruns:0 frame:0
TX packets:902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:672 (672.0 B) TX bytes:672 (672.0 B)
Here''s some stuff from /var/log/messages so the bridge seems ok;
May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) entering
forwarding state
May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered promiscuous
mode
May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) entering
learning state
May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, event-channel
13, protocol 1 (x86_64-abi)
May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, event-channel
14, protocol 1 (x86_64-abi)
May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) entering
forwarding state
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:35
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. So Debian domU works, that''s good to know.
Can you please post "ipconfig /all" from Windows 8 domU? Can you also
please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event
viewer) for errors?
Dne 20.5.2013 14:23, Simon Jones napsal(a):
ID 7 is a debian test vm I set up, I just reconfigured the networking on it and
rebooted, now this one can ping dom0 static IP and receives a reply. No reply
when I try and ping the other windows guest, also get a reply when pinging the
default gateway, all are on the same network.
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:545 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB)
Interrupt:17
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
I suppose domU ID you described is 7, isn''t it? Is the other domU - id
14 - able to reach the dom0 with ping?
Dne 20.5.2013 14:09, Simon Jones napsal(a):
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From:
xen-users-bounces@lists.xen.org<mailto:xen-users-bounces@lists.xen.org>
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
Weird. What about your firewall? Specially FORWARD chain. Is somethnig there what can block traffic? Are you sure that there''s nothing (router / switch) that can block your traffic? Some hosting providers allow traffic only from dom0 MAC address everything else is dropped. Then you should set up routed network inside you dom0. Dne 20.5.2013 15:09, Simon Jones napsal(a):> > Aha! It''s set to 0, > > echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still > can''t ping anything other than Dom0 ip on both guests though. > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:02 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. It''s more clearer now. :) > > What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set to 1. > > Dne 20.5.2013 14:57, Simon Jones napsal(a): > > The windows guest can also ping dom0 but again, can''t ping the > gateway or anything else other than Dom0''s IP. I can only get vnc > to the windows machine and as such can''t copy/paste the output > from ipconfig /all but it is all correct, static IP 195.2.139.196 > / 255.255.255.0 / gateway 195.2.139.1 and our public recursor dns > servers 195.2.130.8 / 200, should I check for something in particular? > > Here''s how dom0 is configured; > > # The loopback interface > > auto lo > > iface lo inet loopback > > # Bridge Static Configuration > > # (network, broadcast and gateway are optional) > > auto xenbr0 > > iface xenbr0 inet static > > bridge_ports eth1 > > address 195.2.139.4 > > broadcast 195.2.139.255 > > netmask 255.255.255.0 > > network 195.2.139.0 > > gateway 195.2.139.1 > > #Eth0 Static Configuration > > auto eth0 > > iface eth0 inet static > > address 192.168.2.4 > > netmask 255.255.255.0 > > Eth1 is the public port on the WAN and Eth0 is just our back-end > admin lan so you can ignore that. Dom0 works great, I can ping > our and resolve DNS, ssh in from my office, all good. The DomU''s > just aren''t picking up the default gateway by the looks of it but > CAN ping and reply to Dom0''s IP 195.2.139.4 > > When I try and ping the gateway 195.2.139.1 from the debian vm I get > > From 195.2.139.170 icmp_seq=684 Destination Host Unreachable > > 195.2.139.170 is the static Ip given to the debian vm; > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.170 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3126 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:902 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB) > > Interrupt:17 > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:6 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:672 (672.0 B) TX bytes:672 (672.0 B) > > Here''s some stuff from /var/log/messages so the bridge seems ok; > > May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port > 2(vif16.0) entering forwarding state > > May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port > 2(vif16.0) entering disabled state > > May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port > 2(vif16.0) entering disabled state > > May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 > entered promiscuous mode > > May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port > 2(vif17.0) entering learning state > > May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, > event-channel 13, protocol 1 (x86_64-abi) > > May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, > event-channel 14, protocol 1 (x86_64-abi) > > May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port > 2(vif17.0) entering forwarding state > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. So Debian domU works, that''s good to know. > > Can you please post "ipconfig /all" from Windows 8 domU? Can you > also please check your logs (/var/log/xen/qemu-..., dmesg, syslog, > windows event viewer) for errors? > > Dne 20.5.2013 14:23, Simon Jones napsal(a): > > ID 7 is a debian test vm I set up, I just reconfigured the > networking on it and rebooted, now this one can ping dom0 > static IP and receives a reply. No reply when I try and ping > the other windows guest, also get a reply when pinging the > default gateway, all are on the same network. > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.213 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:545 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB) > > Interrupt:17 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:15 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > I suppose domU ID you described is 7, isn''t it? Is the other > domU - id 14 - able to reach the dom0 with ping? > > Dne 20.5.2013 14:09, Simon Jones napsal(a): > > Hi Jan, > > Thanks -- I should have included that but here you go; > > bridge name bridge id STP enabled interfaces > > xenbr0 8000.00e081465f38 no eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > <mailto:xen-users-bounces@lists.xen.org> > [mailto:xen-users-bounces@lists.xen.org] *On Behalf Of > *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Hi Simon, > > what does "brctl show" show? It should show xenbr0 and > some vifX.Y (which is domU interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I have given > the bridge a static IP which I can ping/ssh to etc, > when I create a new vm all works well apart from the > networking. If I give DomU a static IP I can''t ping > out from the box, Dom0 can''t ping the vm. I''m > suspecting it just isn''t seeing the bridge but am > unsure where to start looking. This is a very > standard setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest but I get the > same with windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
No firewall in the way;
root@xen-1:/etc/xen/scripts# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif4.0 --physdev-is-bridged
ACCEPT udp -- anywhere anywhere PHYSDEV match
--physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif4.0 --physdev-is-bridged
ACCEPT all -- 10.0.0.101 anywhere PHYSDEV match
--physdev-in vif4.0 --physdev-is-bridged
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif3.0 --physdev-is-bridged
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-in vif3.0 --physdev-is-bridged
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
it looks like it''s remembered a 10.0.0 address from when I set it up
and hooked it in to the office dhcp server though, I''ll tidy that
later.
It''s my network so there are no weird routing or blocked mac addresses
other than the security stuff on the routers and core switches.
Do I have to restart Dom0 when changing the ip forwarding?
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:20
To: Simon Jones
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Weird. What about your firewall? Specially FORWARD chain. Is somethnig there
what can block traffic?
Are you sure that there''s nothing (router / switch) that can block your
traffic? Some hosting providers allow traffic only from dom0 MAC address
everything else is dropped. Then you should set up routed network inside you
dom0.
Dne 20.5.2013 15:09, Simon Jones napsal(a):
Aha! It''s set to 0,
echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still
can''t ping anything other than Dom0 ip on both guests though.
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:02
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. It''s more clearer now. :)
What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set
to 1.
Dne 20.5.2013 14:57, Simon Jones napsal(a):
The windows guest can also ping dom0 but again, can''t ping the gateway
or anything else other than Dom0''s IP. I can only get vnc to the
windows machine and as such can''t copy/paste the output from ipconfig
/all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / gateway
195.2.139.1 and our public recursor dns servers 195.2.130.8 / 200, should I
check for something in particular?
Here''s how dom0 is configured;
# The loopback interface
auto lo
iface lo inet loopback
# Bridge Static Configuration
# (network, broadcast and gateway are optional)
auto xenbr0
iface xenbr0 inet static
bridge_ports eth1
address 195.2.139.4
broadcast 195.2.139.255
netmask 255.255.255.0
network 195.2.139.0
gateway 195.2.139.1
#Eth0 Static Configuration
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
Eth1 is the public port on the WAN and Eth0 is just our back-end admin lan so
you can ignore that. Dom0 works great, I can ping our and resolve DNS, ssh in
from my office, all good. The DomU''s just aren''t picking up
the default gateway by the looks of it but CAN ping and reply to Dom0''s
IP 195.2.139.4
When I try and ping the gateway 195.2.139.1 from the debian vm I get
From 195.2.139.170 icmp_seq=684 Destination Host Unreachable
195.2.139.170 is the static Ip given to the debian vm;
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.170 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3126 errors:0 dropped:0 overruns:0 frame:0
TX packets:902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:672 (672.0 B) TX bytes:672 (672.0 B)
Here''s some stuff from /var/log/messages so the bridge seems ok;
May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) entering
forwarding state
May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered promiscuous
mode
May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) entering
learning state
May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, event-channel
13, protocol 1 (x86_64-abi)
May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, event-channel
14, protocol 1 (x86_64-abi)
May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) entering
forwarding state
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:35
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. So Debian domU works, that''s good to know.
Can you please post "ipconfig /all" from Windows 8 domU? Can you also
please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event
viewer) for errors?
Dne 20.5.2013 14:23, Simon Jones napsal(a):
ID 7 is a debian test vm I set up, I just reconfigured the networking on it and
rebooted, now this one can ping dom0 static IP and receives a reply. No reply
when I try and ping the other windows guest, also get a reply when pinging the
default gateway, all are on the same network.
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:545 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB)
Interrupt:17
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
I suppose domU ID you described is 7, isn''t it? Is the other domU - id
14 - able to reach the dom0 with ping?
Dne 20.5.2013 14:09, Simon Jones napsal(a):
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From:
xen-users-bounces@lists.xen.org<mailto:xen-users-bounces@lists.xen.org>
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
Jan Hejl <jh@excello.cz> schrieb:>Thanks. It''s more leader now. :) > >What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set to >1.For bridging only it should be 0, but "could" be "1"... It seems you''ve runned into a routing prob as your eth0 offers the whole net you expect on your bridge. Check your networking without eth0 (put eth0 down for that time and delete the IP on it). hth, Niels. -- Niels Dettenbach Syndicat IT&Internet http://www.syndicat.com _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
No you don''t have to, for now. Firewall looks clear, contains only irrelevant rules. It''s definately a network problem. Probably on dom0. Can you please check your dom0 routing table? With: ip route show And how is the eth1 on dom0 configured? Dne 20.5.2013 15:25, Simon Jones napsal(a):> > No firewall in the way; > > root@xen-1:/etc/xen/scripts# iptables -L > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-out vif4.0 --physdev-is-bridged > > ACCEPT udp -- anywhere anywhere PHYSDEV > match --physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc dpt:bootps > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-out vif4.0 --physdev-is-bridged > > ACCEPT all -- 10.0.0.101 anywhere PHYSDEV > match --physdev-in vif4.0 --physdev-is-bridged > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-out vif3.0 --physdev-is-bridged > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-in vif3.0 --physdev-is-bridged > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > it looks like it''s remembered a 10.0.0 address from when I set it up > and hooked it in to the office dhcp server though, I''ll tidy that later. > > It''s my network so there are no weird routing or blocked mac addresses > other than the security stuff on the routers and core switches. > > Do I have to restart Dom0 when changing the ip forwarding? > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:20 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Weird. What about your firewall? Specially FORWARD chain. Is somethnig > there what can block traffic? > > Are you sure that there''s nothing (router / switch) that can block > your traffic? Some hosting providers allow traffic only from dom0 MAC > address everything else is dropped. Then you should set up routed > network inside you dom0. > > Dne 20.5.2013 15:09, Simon Jones napsal(a): > > Aha! It''s set to 0, > > echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, > still can''t ping anything other than Dom0 ip on both guests though. > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:02 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. It''s more clearer now. :) > > What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be > set to 1. > > Dne 20.5.2013 14:57, Simon Jones napsal(a): > > The windows guest can also ping dom0 but again, can''t ping the > gateway or anything else other than Dom0''s IP. I can only get > vnc to the windows machine and as such can''t copy/paste the > output from ipconfig /all but it is all correct, static IP > 195.2.139.196 / 255.255.255.0 / gateway 195.2.139.1 and our > public recursor dns servers 195.2.130.8 / 200, should I check > for something in particular? > > Here''s how dom0 is configured; > > # The loopback interface > > auto lo > > iface lo inet loopback > > # Bridge Static Configuration > > # (network, broadcast and gateway are optional) > > auto xenbr0 > > iface xenbr0 inet static > > bridge_ports eth1 > > address 195.2.139.4 > > broadcast 195.2.139.255 > > netmask 255.255.255.0 > > network 195.2.139.0 > > gateway 195.2.139.1 > > #Eth0 Static Configuration > > auto eth0 > > iface eth0 inet static > > address 192.168.2.4 > > netmask 255.255.255.0 > > Eth1 is the public port on the WAN and Eth0 is just our > back-end admin lan so you can ignore that. Dom0 works great, > I can ping our and resolve DNS, ssh in from my office, all > good. The DomU''s just aren''t picking up the default gateway > by the looks of it but CAN ping and reply to Dom0''s IP 195.2.139.4 > > When I try and ping the gateway 195.2.139.1 from the debian vm > I get > > From 195.2.139.170 icmp_seq=684 Destination Host Unreachable > > 195.2.139.170 is the static Ip given to the debian vm; > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.170 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3126 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:902 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB) > > Interrupt:17 > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:6 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:672 (672.0 B) TX bytes:672 (672.0 B) > > Here''s some stuff from /var/log/messages so the bridge seems ok; > > May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port > 2(vif16.0) entering forwarding state > > May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port > 2(vif16.0) entering disabled state > > May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port > 2(vif16.0) entering disabled state > > May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 > entered promiscuous mode > > May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port > 2(vif17.0) entering learning state > > May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref > 8, event-channel 13, protocol 1 (x86_64-abi) > > May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref > 9, event-channel 14, protocol 1 (x86_64-abi) > > May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port > 2(vif17.0) entering forwarding state > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. So Debian domU works, that''s good to know. > > Can you please post "ipconfig /all" from Windows 8 domU? Can > you also please check your logs (/var/log/xen/qemu-..., dmesg, > syslog, windows event viewer) for errors? > > Dne 20.5.2013 14:23, Simon Jones napsal(a): > > ID 7 is a debian test vm I set up, I just reconfigured the > networking on it and rebooted, now this one can ping dom0 > static IP and receives a reply. No reply when I try and > ping the other windows guest, also get a reply when > pinging the default gateway, all are on the same network. > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.213 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:545 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB) > > Interrupt:17 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:15 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > I suppose domU ID you described is 7, isn''t it? Is the > other domU - id 14 - able to reach the dom0 with ping? > > Dne 20.5.2013 14:09, Simon Jones napsal(a): > > Hi Jan, > > Thanks -- I should have included that but here you go; > > bridge name bridge id STP enabled > interfaces > > xenbr0 8000.00e081465f38 no eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > <mailto:xen-users-bounces@lists.xen.org> > [mailto:xen-users-bounces@lists.xen.org] *On Behalf Of > *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org > <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Hi Simon, > > what does "brctl show" show? It should show xenbr0 and > some vifX.Y (which is domU interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I have > given the bridge a static IP which I can ping/ssh > to etc, when I create a new vm all works well > apart from the networking. If I give DomU a > static IP I can''t ping out from the box, Dom0 > can''t ping the vm. I''m suspecting it just isn''t > seeing the bridge but am unsure where to start > looking. This is a very standard setup, 1 bridge: > xenbr0 > > Here''s a config file for a windows guest but I get > the same with windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5C%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
195.2.139.0 0.0.0.0 255.255.255.0 U 0 0 0 xenbr0
0.0.0.0 195.2.139.1 0.0.0.0 UG 0 0 0 xenbr0
#ip route
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.4
195.2.139.0/24 dev xenbr0 proto kernel scope link src 195.2.139.4
default via 195.2.139.1 dev xenbr0
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:35
To: Simon Jones
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
No you don''t have to, for now. Firewall looks clear, contains only
irrelevant rules.
It''s definately a network problem. Probably on dom0. Can you please
check your dom0 routing table? With:
ip route show
And how is the eth1 on dom0 configured?
Dne 20.5.2013 15:25, Simon Jones napsal(a):
No firewall in the way;
root@xen-1:/etc/xen/scripts# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif4.0 --physdev-is-bridged
ACCEPT udp -- anywhere anywhere PHYSDEV match
--physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif4.0 --physdev-is-bridged
ACCEPT all -- 10.0.0.101 anywhere PHYSDEV match
--physdev-in vif4.0 --physdev-is-bridged
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif3.0 --physdev-is-bridged
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-in vif3.0 --physdev-is-bridged
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
it looks like it''s remembered a 10.0.0 address from when I set it up
and hooked it in to the office dhcp server though, I''ll tidy that
later.
It''s my network so there are no weird routing or blocked mac addresses
other than the security stuff on the routers and core switches.
Do I have to restart Dom0 when changing the ip forwarding?
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:20
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Weird. What about your firewall? Specially FORWARD chain. Is somethnig there
what can block traffic?
Are you sure that there''s nothing (router / switch) that can block your
traffic? Some hosting providers allow traffic only from dom0 MAC address
everything else is dropped. Then you should set up routed network inside you
dom0.
Dne 20.5.2013 15:09, Simon Jones napsal(a):
Aha! It''s set to 0,
echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still
can''t ping anything other than Dom0 ip on both guests though.
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:02
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. It''s more clearer now. :)
What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set
to 1.
Dne 20.5.2013 14:57, Simon Jones napsal(a):
The windows guest can also ping dom0 but again, can''t ping the gateway
or anything else other than Dom0''s IP. I can only get vnc to the
windows machine and as such can''t copy/paste the output from ipconfig
/all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / gateway
195.2.139.1 and our public recursor dns servers 195.2.130.8 / 200, should I
check for something in particular?
Here''s how dom0 is configured;
# The loopback interface
auto lo
iface lo inet loopback
# Bridge Static Configuration
# (network, broadcast and gateway are optional)
auto xenbr0
iface xenbr0 inet static
bridge_ports eth1
address 195.2.139.4
broadcast 195.2.139.255
netmask 255.255.255.0
network 195.2.139.0
gateway 195.2.139.1
#Eth0 Static Configuration
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
Eth1 is the public port on the WAN and Eth0 is just our back-end admin lan so
you can ignore that. Dom0 works great, I can ping our and resolve DNS, ssh in
from my office, all good. The DomU''s just aren''t picking up
the default gateway by the looks of it but CAN ping and reply to Dom0''s
IP 195.2.139.4
When I try and ping the gateway 195.2.139.1 from the debian vm I get
From 195.2.139.170 icmp_seq=684 Destination Host Unreachable
195.2.139.170 is the static Ip given to the debian vm;
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.170 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3126 errors:0 dropped:0 overruns:0 frame:0
TX packets:902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:672 (672.0 B) TX bytes:672 (672.0 B)
Here''s some stuff from /var/log/messages so the bridge seems ok;
May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) entering
forwarding state
May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered promiscuous
mode
May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) entering
learning state
May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, event-channel
13, protocol 1 (x86_64-abi)
May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, event-channel
14, protocol 1 (x86_64-abi)
May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) entering
forwarding state
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:35
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. So Debian domU works, that''s good to know.
Can you please post "ipconfig /all" from Windows 8 domU? Can you also
please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event
viewer) for errors?
Dne 20.5.2013 14:23, Simon Jones napsal(a):
ID 7 is a debian test vm I set up, I just reconfigured the networking on it and
rebooted, now this one can ping dom0 static IP and receives a reply. No reply
when I try and ping the other windows guest, also get a reply when pinging the
default gateway, all are on the same network.
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:545 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB)
Interrupt:17
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
I suppose domU ID you described is 7, isn''t it? Is the other domU - id
14 - able to reach the dom0 with ping?
Dne 20.5.2013 14:09, Simon Jones napsal(a):
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From:
xen-users-bounces@lists.xen.org<mailto:xen-users-bounces@lists.xen.org>
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\%5C%5C%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
So far so good. And eth1 configuration? Did you try tcpdump on dom0 to see what''s happening there when you''re pinging from domU? Dne 20.5.2013 15:38, Simon Jones napsal(a):> > #route --n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > > 195.2.139.0 0.0.0.0 255.255.255.0 U 0 0 0 xenbr0 > > 0.0.0.0 195.2.139.1 0.0.0.0 UG 0 0 0 xenbr0 > > #ip route > > 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.4 > > 195.2.139.0/24 dev xenbr0 proto kernel scope link src 195.2.139.4 > > default via 195.2.139.1 dev xenbr0 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > No you don''t have to, for now. Firewall looks clear, contains only > irrelevant rules. > > It''s definately a network problem. Probably on dom0. Can you please > check your dom0 routing table? With: > > > ip route show > > > And how is the eth1 on dom0 configured? > > Dne 20.5.2013 15:25, Simon Jones napsal(a): > > No firewall in the way; > > root@xen-1:/etc/xen/scripts# iptables -L > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-out vif4.0 --physdev-is-bridged > > ACCEPT udp -- anywhere anywhere PHYSDEV > match --physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc > dpt:bootps > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-out vif4.0 --physdev-is-bridged > > ACCEPT all -- 10.0.0.101 anywhere PHYSDEV > match --physdev-in vif4.0 --physdev-is-bridged > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-out vif3.0 --physdev-is-bridged > > ACCEPT all -- anywhere anywhere PHYSDEV > match --physdev-in vif3.0 --physdev-is-bridged > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > it looks like it''s remembered a 10.0.0 address from when I set it > up and hooked it in to the office dhcp server though, I''ll tidy > that later. > > It''s my network so there are no weird routing or blocked mac > addresses other than the security stuff on the routers and core > switches. > > Do I have to restart Dom0 when changing the ip forwarding? > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:20 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Weird. What about your firewall? Specially FORWARD chain. Is > somethnig there what can block traffic? > > Are you sure that there''s nothing (router / switch) that can block > your traffic? Some hosting providers allow traffic only from dom0 > MAC address everything else is dropped. Then you should set up > routed network inside you dom0. > > Dne 20.5.2013 15:09, Simon Jones napsal(a): > > Aha! It''s set to 0, > > echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, > still can''t ping anything other than Dom0 ip on both guests > though. > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:02 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. It''s more clearer now. :) > > What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should > be set to 1. > > Dne 20.5.2013 14:57, Simon Jones napsal(a): > > The windows guest can also ping dom0 but again, can''t ping > the gateway or anything else other than Dom0''s IP. I can > only get vnc to the windows machine and as such can''t > copy/paste the output from ipconfig /all but it is all > correct, static IP 195.2.139.196 / 255.255.255.0 / gateway > 195.2.139.1 and our public recursor dns servers > 195.2.130.8 / 200, should I check for something in particular? > > Here''s how dom0 is configured; > > # The loopback interface > > auto lo > > iface lo inet loopback > > # Bridge Static Configuration > > # (network, broadcast and gateway are optional) > > auto xenbr0 > > iface xenbr0 inet static > > bridge_ports eth1 > > address 195.2.139.4 > > broadcast 195.2.139.255 > > netmask 255.255.255.0 > > network 195.2.139.0 > > gateway 195.2.139.1 > > #Eth0 Static Configuration > > auto eth0 > > iface eth0 inet static > > address 192.168.2.4 > > netmask 255.255.255.0 > > Eth1 is the public port on the WAN and Eth0 is just our > back-end admin lan so you can ignore that. Dom0 works > great, I can ping our and resolve DNS, ssh in from my > office, all good. The DomU''s just aren''t picking up the > default gateway by the looks of it but CAN ping and reply > to Dom0''s IP 195.2.139.4 > > When I try and ping the gateway 195.2.139.1 from the > debian vm I get > > From 195.2.139.170 icmp_seq=684 Destination Host Unreachable > > 195.2.139.170 is the static Ip given to the debian vm; > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.170 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3126 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:902 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:171271 (167.2 KiB) TX bytes:85980 > (83.9 KiB) > > Interrupt:17 > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:6 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:672 (672.0 B) TX bytes:672 (672.0 B) > > Here''s some stuff from /var/log/messages so the bridge > seems ok; > > May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port > 2(vif16.0) entering forwarding state > > May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port > 2(vif16.0) entering disabled state > > May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port > 2(vif16.0) entering disabled state > > May 20 13:29:32 xen-1 kernel: [ 8430.910729] device > vif17.0 entered promiscuous mode > > May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port > 2(vif17.0) entering learning state > > May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: > ring-ref 8, event-channel 13, protocol 1 (x86_64-abi) > > May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: > ring-ref 9, event-channel 14, protocol 1 (x86_64-abi) > > May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port > 2(vif17.0) entering forwarding state > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. So Debian domU works, that''s good to know. > > Can you please post "ipconfig /all" from Windows 8 domU? > Can you also please check your logs > (/var/log/xen/qemu-..., dmesg, syslog, windows event > viewer) for errors? > > Dne 20.5.2013 14:23, Simon Jones napsal(a): > > ID 7 is a debian test vm I set up, I just reconfigured > the networking on it and rebooted, now this one can > ping dom0 static IP and receives a reply. No reply > when I try and ping the other windows guest, also get > a reply when pinging the default gateway, all are on > the same network. > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.213 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:545 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:29480 (28.7 KiB) TX bytes:3016 > (2.9 KiB) > > Interrupt:17 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:15 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > I suppose domU ID you described is 7, isn''t it? Is the > other domU - id 14 - able to reach the dom0 with ping? > > Dne 20.5.2013 14:09, Simon Jones napsal(a): > > Hi Jan, > > Thanks -- I should have included that but here you go; > > bridge name bridge id STP > enabled interfaces > > xenbr0 8000.00e081465f38 no eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > <mailto:xen-users-bounces@lists.xen.org> > [mailto:xen-users-bounces@lists.xen.org] *On > Behalf Of *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org > <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Hi Simon, > > what does "brctl show" show? It should show xenbr0 > and some vifX.Y (which is domU interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I > have given the bridge a static IP which I can > ping/ssh to etc, when I create a new vm all > works well apart from the networking. If I > give DomU a static IP I can''t ping out from > the box, Dom0 can''t ping the vm. I''m > suspecting it just isn''t seeing the bridge but > am unsure where to start looking. This is a > very standard setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest but I > get the same with windows or debian guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Am 20.05.2013 um 15:09 schrieb Simon Jones:> Aha! It’s set to 0, > > echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still can’t ping anything other than Dom0 ip on both guests though. >For bridging only setup this should be "0" as no routing happens. But it seems you are running into a routing rpoblem with your eth0 as it "grabs" the whole network you expect "inside" your dom0 and/or your bridge network. Try to disable eth0 completely (should be have no ip and route) for testing your Dom0/domU networking or give him another IP (your admin network is in another physical network and should have another IP. In this case you need routes and ip_forward on again. hth, best regards, Niels.
On 20/05/13 23:09, Simon Jones wrote:> > Aha! It''s set to 0, > > > > echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still > can''t ping anything other than Dom0 ip on both guests though. > > > >That is not needed for a bridge, only for routed connections. The same for iptables, it shouldn''t apply to the bridge. I think there is another tool ebtables or similar which will do filtering of traffic across a bridge, but you should know if you have configured that. Try the following from dom0: tcpdump -tn -i xenbr0 host <ip of domu> Then, from the domu, ping the gateway IP That should show whether the dom0 is seeing the traffic from the domU ... if you don''t see the traffic on the bridge, then try the vif interface for the domU, if you still don''t see the traffic, then it is a domU issue. Also, check the output of "route -n" (linux) or "route print" (windows) from the domU Regards, Adam -- Adam Goryachev Website Managers www.websitemanagers.com.au _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
It looks like one of my network admins has carved up this address space and
pointed the numbers I was trying to use elsewhere, I''m getting them to
find out what''s going on. Anyway, I changed the static IP to 139.25
ifdown eth0 && ifup eth0 and hey presto, can ping out and all is good!
Thanks for your help guys, really appreciated.
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:42
To: Simon Jones
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] xenbr0 / domU static IPs
So far so good. And eth1 configuration?
Did you try tcpdump on dom0 to see what''s happening there when
you''re pinging from domU?
Dne 20.5.2013 15:38, Simon Jones napsal(a):
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
195.2.139.0 0.0.0.0 255.255.255.0 U 0 0 0 xenbr0
0.0.0.0 195.2.139.1 0.0.0.0 UG 0 0 0 xenbr0
#ip route
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.4
195.2.139.0/24 dev xenbr0 proto kernel scope link src 195.2.139.4
default via 195.2.139.1 dev xenbr0
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:35
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
No you don''t have to, for now. Firewall looks clear, contains only
irrelevant rules.
It''s definately a network problem. Probably on dom0. Can you please
check your dom0 routing table? With:
ip route show
And how is the eth1 on dom0 configured?
Dne 20.5.2013 15:25, Simon Jones napsal(a):
No firewall in the way;
root@xen-1:/etc/xen/scripts# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif4.0 --physdev-is-bridged
ACCEPT udp -- anywhere anywhere PHYSDEV match
--physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif4.0 --physdev-is-bridged
ACCEPT all -- 10.0.0.101 anywhere PHYSDEV match
--physdev-in vif4.0 --physdev-is-bridged
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-out vif3.0 --physdev-is-bridged
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-in vif3.0 --physdev-is-bridged
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
it looks like it''s remembered a 10.0.0 address from when I set it up
and hooked it in to the office dhcp server though, I''ll tidy that
later.
It''s my network so there are no weird routing or blocked mac addresses
other than the security stuff on the routers and core switches.
Do I have to restart Dom0 when changing the ip forwarding?
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:20
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Weird. What about your firewall? Specially FORWARD chain. Is somethnig there
what can block traffic?
Are you sure that there''s nothing (router / switch) that can block your
traffic? Some hosting providers allow traffic only from dom0 MAC address
everything else is dropped. Then you should set up routed network inside you
dom0.
Dne 20.5.2013 15:09, Simon Jones napsal(a):
Aha! It''s set to 0,
echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to 1, still
can''t ping anything other than Dom0 ip on both guests though.
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 14:02
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. It''s more clearer now. :)
What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? Should be set
to 1.
Dne 20.5.2013 14:57, Simon Jones napsal(a):
The windows guest can also ping dom0 but again, can''t ping the gateway
or anything else other than Dom0''s IP. I can only get vnc to the
windows machine and as such can''t copy/paste the output from ipconfig
/all but it is all correct, static IP 195.2.139.196 / 255.255.255.0 / gateway
195.2.139.1 and our public recursor dns servers 195.2.130.8 / 200, should I
check for something in particular?
Here''s how dom0 is configured;
# The loopback interface
auto lo
iface lo inet loopback
# Bridge Static Configuration
# (network, broadcast and gateway are optional)
auto xenbr0
iface xenbr0 inet static
bridge_ports eth1
address 195.2.139.4
broadcast 195.2.139.255
netmask 255.255.255.0
network 195.2.139.0
gateway 195.2.139.1
#Eth0 Static Configuration
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
Eth1 is the public port on the WAN and Eth0 is just our back-end admin lan so
you can ignore that. Dom0 works great, I can ping our and resolve DNS, ssh in
from my office, all good. The DomU''s just aren''t picking up
the default gateway by the looks of it but CAN ping and reply to Dom0''s
IP 195.2.139.4
When I try and ping the gateway 195.2.139.1 from the debian vm I get
From 195.2.139.170 icmp_seq=684 Destination Host Unreachable
195.2.139.170 is the static Ip given to the debian vm;
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.170 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3126 errors:0 dropped:0 overruns:0 frame:0
TX packets:902 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:171271 (167.2 KiB) TX bytes:85980 (83.9 KiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:672 (672.0 B) TX bytes:672 (672.0 B)
Here''s some stuff from /var/log/messages so the bridge seems ok;
May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: port 2(vif16.0) entering
forwarding state
May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: port 2(vif16.0) entering
disabled state
May 20 13:29:32 xen-1 kernel: [ 8430.910729] device vif17.0 entered promiscuous
mode
May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: port 2(vif17.0) entering
learning state
May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: ring-ref 8, event-channel
13, protocol 1 (x86_64-abi)
May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: ring-ref 9, event-channel
14, protocol 1 (x86_64-abi)
May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: port 2(vif17.0) entering
forwarding state
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:35
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Thanks. So Debian domU works, that''s good to know.
Can you please post "ipconfig /all" from Windows 8 domU? Can you also
please check your logs (/var/log/xen/qemu-..., dmesg, syslog, windows event
viewer) for errors?
Dne 20.5.2013 14:23, Simon Jones napsal(a):
ID 7 is a debian test vm I set up, I just reconfigured the networking on it and
rebooted, now this one can ping dom0 static IP and receives a reply. No reply
when I try and ping the other windows guest, also get a reply when pinging the
default gateway, all are on the same network.
root@test-pv:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42
inet addr:195.2.139.213 Bcast:195.2.139.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:545 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29480 (28.7 KiB) TX bytes:3016 (2.9 KiB)
Interrupt:17
From: Jan Hejl [mailto:jh@excello.cz]
Sent: 20 May 2013 13:15
To: Simon Jones
Cc: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
I suppose domU ID you described is 7, isn''t it? Is the other domU - id
14 - able to reach the dom0 with ping?
Dne 20.5.2013 14:09, Simon Jones napsal(a):
Hi Jan,
Thanks - I should have included that but here you go;
bridge name bridge id STP enabled interfaces
xenbr0 8000.00e081465f38 no eth1
tap14.0
vif14.0
vif7.0
From:
xen-users-bounces@lists.xen.org<mailto:xen-users-bounces@lists.xen.org>
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Jan Hejl
Sent: 20 May 2013 12:52
To: xen-users@lists.xen.org<mailto:xen-users@lists.xen.org>
Subject: Re: [Xen-users] xenbr0 / domU static IPs
Hi Simon,
what does "brctl show" show? It should show xenbr0 and some vifX.Y
(which is domU interface) device.
Jan
Dne 20.5.2013 13:36, Simon Jones napsal(a):
Hi, I have a new xen hosting platform. I have given the bridge a static IP
which I can ping/ssh to etc, when I create a new vm all works well apart from
the networking. If I give DomU a static IP I can''t ping out from the
box, Dom0 can''t ping the vm. I''m suspecting it just
isn''t seeing the bridge but am unsure where to start looking. This is
a very standard setup, 1 bridge: xenbr0
Here''s a config file for a windows guest but I get the same with
windows or debian guests.
cat windows8.cfg
kernel = "/usr/lib/xen-4.0/boot/hvmloader"
builder=''hvm''
memory = 4096
vcpus=1
name = "Windows8"
vif = [''bridge=xenbr0'']
disk =
[''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r<file:///\\%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>'']
acpi = 1
device_model = ''qemu-dm''
boot="d"
sdl=0
serial=''pty''
vnc=1
vnclisten="0.0.0.0"
vncpasswd=""
usbdevice=''tablet''
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org<mailto:Xen-users@lists.xen.org>
http://lists.xen.org/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
And that''s where the ghost comes alive :-D Dne 20.5.2013 15:47, Simon Jones napsal(a):> > It looks like one of my network admins has carved up this address > space and pointed the numbers I was trying to use elsewhere, I''m > getting them to find out what''s going on. Anyway, I changed the > static IP to 139.25 ifdown eth0 && ifup eth0 and hey presto, can ping > out and all is good! Thanks for your help guys, really appreciated. > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:42 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > So far so good. And eth1 configuration? > > Did you try tcpdump on dom0 to see what''s happening there when you''re > pinging from domU? > > Dne 20.5.2013 15:38, Simon Jones napsal(a): > > #route --n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref > Use Iface > > 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 > 0 eth0 > > 195.2.139.0 0.0.0.0 255.255.255.0 U 0 0 > 0 xenbr0 > > 0.0.0.0 195.2.139.1 0.0.0.0 UG 0 0 0 xenbr0 > > #ip route > > 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.4 > > 195.2.139.0/24 dev xenbr0 proto kernel scope link src 195.2.139.4 > > default via 195.2.139.1 dev xenbr0 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > No you don''t have to, for now. Firewall looks clear, contains only > irrelevant rules. > > It''s definately a network problem. Probably on dom0. Can you > please check your dom0 routing table? With: > > > > ip route show > > > And how is the eth1 on dom0 configured? > > Dne 20.5.2013 15:25, Simon Jones napsal(a): > > No firewall in the way; > > root@xen-1:/etc/xen/scripts# iptables -L > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > ACCEPT all -- anywhere anywhere PHYSDEV match > --physdev-out vif4.0 --physdev-is-bridged > > ACCEPT udp -- anywhere anywhere PHYSDEV match > --physdev-in vif4.0 --physdev-is-bridged udp spt:bootpc > dpt:bootps > > ACCEPT all -- anywhere anywhere PHYSDEV match > --physdev-out vif4.0 --physdev-is-bridged > > ACCEPT all -- 10.0.0.101 anywhere PHYSDEV match > --physdev-in vif4.0 --physdev-is-bridged > > ACCEPT all -- anywhere anywhere PHYSDEV match > --physdev-out vif3.0 --physdev-is-bridged > > ACCEPT all -- anywhere anywhere PHYSDEV match > --physdev-in vif3.0 --physdev-is-bridged > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > it looks like it''s remembered a 10.0.0 address from when I set > it up and hooked it in to the office dhcp server though, I''ll > tidy that later. > > It''s my network so there are no weird routing or blocked mac > addresses other than the security stuff on the routers and > core switches. > > Do I have to restart Dom0 when changing the ip forwarding? > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:20 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Weird. What about your firewall? Specially FORWARD chain. Is > somethnig there what can block traffic? > > Are you sure that there''s nothing (router / switch) that can > block your traffic? Some hosting providers allow traffic only > from dom0 MAC address everything else is dropped. Then you > should set up routed network inside you dom0. > > Dne 20.5.2013 15:09, Simon Jones napsal(a): > > Aha! It''s set to 0, > > echo "1"> /proc/sys/net/ipv4/ip_forward has changed it to > 1, still can''t ping anything other than Dom0 ip on both > guests though. > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 14:02 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. It''s more clearer now. :) > > What "/proc/sys/net/ipv4/ip_forward" contains? 0 or 1? > Should be set to 1. > > Dne 20.5.2013 14:57, Simon Jones napsal(a): > > The windows guest can also ping dom0 but again, can''t > ping the gateway or anything else other than Dom0''s > IP. I can only get vnc to the windows machine and as > such can''t copy/paste the output from ipconfig /all > but it is all correct, static IP 195.2.139.196 / > 255.255.255.0 / gateway 195.2.139.1 and our public > recursor dns servers 195.2.130.8 / 200, should I check > for something in particular? > > Here''s how dom0 is configured; > > # The loopback interface > > auto lo > > iface lo inet loopback > > # Bridge Static Configuration > > # (network, broadcast and gateway are optional) > > auto xenbr0 > > iface xenbr0 inet static > > bridge_ports eth1 > > address 195.2.139.4 > > broadcast 195.2.139.255 > > netmask 255.255.255.0 > > network 195.2.139.0 > > gateway 195.2.139.1 > > #Eth0 Static Configuration > > auto eth0 > > iface eth0 inet static > > address 192.168.2.4 > > netmask 255.255.255.0 > > Eth1 is the public port on the WAN and Eth0 is just > our back-end admin lan so you can ignore that. Dom0 > works great, I can ping our and resolve DNS, ssh in > from my office, all good. The DomU''s just aren''t > picking up the default gateway by the looks of it but > CAN ping and reply to Dom0''s IP 195.2.139.4 > > When I try and ping the gateway 195.2.139.1 from the > debian vm I get > > From 195.2.139.170 icmp_seq=684 Destination Host > Unreachable > > 195.2.139.170 is the static Ip given to the debian vm; > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.170 Bcast:195.2.139.255 > Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3126 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:902 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:171271 (167.2 KiB) TX bytes:85980 > (83.9 KiB) > > Interrupt:17 > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:6 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:672 (672.0 B) TX bytes:672 (672.0 B) > > Here''s some stuff from /var/log/messages so the bridge > seems ok; > > May 20 13:28:29 xen-1 kernel: [ 8367.944038] xenbr0: > port 2(vif16.0) entering forwarding state > > May 20 13:29:06 xen-1 kernel: [ 8403.989601] xenbr0: > port 2(vif16.0) entering disabled state > > May 20 13:29:06 xen-1 kernel: [ 8404.017006] xenbr0: > port 2(vif16.0) entering disabled state > > May 20 13:29:32 xen-1 kernel: [ 8430.910729] device > vif17.0 entered promiscuous mode > > May 20 13:29:32 xen-1 kernel: [ 8430.920869] xenbr0: > port 2(vif17.0) entering learning state > > May 20 13:29:33 xen-1 kernel: [ 8431.866548] blkback: > ring-ref 8, event-channel 13, protocol 1 (x86_64-abi) > > May 20 13:29:33 xen-1 kernel: [ 8431.894288] blkback: > ring-ref 9, event-channel 14, protocol 1 (x86_64-abi) > > May 20 13:29:47 xen-1 kernel: [ 8445.916079] xenbr0: > port 2(vif17.0) entering forwarding state > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:35 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > Thanks. So Debian domU works, that''s good to know. > > Can you please post "ipconfig /all" from Windows 8 > domU? Can you also please check your logs > (/var/log/xen/qemu-..., dmesg, syslog, windows event > viewer) for errors? > > Dne 20.5.2013 14:23, Simon Jones napsal(a): > > ID 7 is a debian test vm I set up, I just > reconfigured the networking on it and rebooted, > now this one can ping dom0 static IP and receives > a reply. No reply when I try and ping the other > windows guest, also get a reply when pinging the > default gateway, all are on the same network. > > root@test-pv:~# ifconfig > > eth0 Link encap:Ethernet HWaddr 00:16:3e:14:d8:42 > > inet addr:195.2.139.213 > Bcast:195.2.139.255 Mask:255.255.255.0 > > inet6 addr: fe80::216:3eff:fe14:d842/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:545 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:36 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:29480 (28.7 KiB) TX bytes:3016 > (2.9 KiB) > > Interrupt:17 > > *From:*Jan Hejl [mailto:jh@excello.cz] > *Sent:* 20 May 2013 13:15 > *To:* Simon Jones > *Cc:* xen-users@lists.xen.org > <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU static IPs > > I suppose domU ID you described is 7, isn''t it? Is > the other domU - id 14 - able to reach the dom0 > with ping? > > Dne 20.5.2013 14:09, Simon Jones napsal(a): > > Hi Jan, > > Thanks -- I should have included that but here > you go; > > bridge name bridge id STP > enabled interfaces > > xenbr0 8000.00e081465f38 no > eth1 > > tap14.0 > > vif14.0 > > vif7.0 > > *From:*xen-users-bounces@lists.xen.org > <mailto:xen-users-bounces@lists.xen.org> > [mailto:xen-users-bounces@lists.xen.org] *On > Behalf Of *Jan Hejl > *Sent:* 20 May 2013 12:52 > *To:* xen-users@lists.xen.org > <mailto:xen-users@lists.xen.org> > *Subject:* Re: [Xen-users] xenbr0 / domU > static IPs > > Hi Simon, > > what does "brctl show" show? It should show > xenbr0 and some vifX.Y (which is domU > interface) device. > > Jan > > Dne 20.5.2013 13:36, Simon Jones napsal(a): > > Hi, I have a new xen hosting platform. I > have given the bridge a static IP which I > can ping/ssh to etc, when I create a new > vm all works well apart from the > networking. If I give DomU a static IP I > can''t ping out from the box, Dom0 can''t > ping the vm. I''m suspecting it just isn''t > seeing the bridge but am unsure where to > start looking. This is a very standard > setup, 1 bridge: xenbr0 > > Here''s a config file for a windows guest > but I get the same with windows or debian > guests. > > cat windows8.cfg > > kernel = "/usr/lib/xen-4.0/boot/hvmloader" > > builder=''hvm'' > > memory = 4096 > > vcpus=1 > > name = "Windows8" > > vif = [''bridge=xenbr0''] > > disk > [''phy:/dev/vg0/windows8,hda,w'',''file:/usr/src/windows8_x64.iso,hdc:cdrom,r > <file:///%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5Cusr%5Csrc%5Cwindows8_x64.iso,hdc:cdrom,r>''] > > acpi = 1 > > device_model = ''qemu-dm'' > > boot="d" > > sdl=0 > > serial=''pty'' > > vnc=1 > > vnclisten="0.0.0.0" > > vncpasswd="" > > usbdevice=''tablet'' > > > > > > > > > > > _______________________________________________ > > Xen-users mailing list > > Xen-users@lists.xen.org <mailto:Xen-users@lists.xen.org> > > http://lists.xen.org/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users