dalamar Tux's lil' helper
Joined: 13 Mar 2004 Posts: 110
Posted: Tue Feb 05, 2008 1:49 pm Post subject: XEN: Bridge Networking
Hi all,
I've got a problem with Xen Network Configuration.
I want to create a bridge between the domU interfaces and a dummy interface in dom0, and then route all traffic towards my wlan0 interface, which is connected to the Internet.
Xen seems to configure everything this way, but my domU is isolated from the rest of the network.
This is my domU Network configuration:
Code: | vif=['type=ioemu,bridge=xenbr0'] |
This is my xend-config.sxp:
Code: | (network-script 'network-bridge-dummy0 netdev=dummy0 bridge=xenbr0')
(vif-script vif-bridge) |
This is my resultant dom0 ifconfig:
Code: |
dummy0 Link encap:Ethernet HWaddr EE:0D:86:B6:85:55
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::ec0d:86ff:feb6:8555/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:2428 (2.3 Kb)
eth0 Link encap:Ethernet HWaddr 00:1B:FC:CF:EE:82
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:23 Base address:0x4000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:58 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5678 (5.5 Kb) TX bytes:5678 (5.5 Kb)
pdummy0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:2338 (2.2 Kb)
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2428 (2.3 Kb) TX bytes:0 (0.0 b)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:48 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
wlan0 Link encap:Ethernet HWaddr 00:1B:11:09:A6:17
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21b:11ff:fe09:a617/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:188552 errors:0 dropped:26 overruns:26 frame:26
TX packets:150566 errors:0 dropped:20 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:129629523 (123.6 Mb) TX bytes:32095042 (30.6 Mb)
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1700 (1.6 Kb) TX bytes:168 (168.0 b)
xenbr2000 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:258 (258.0 b) |
This is my domU ifconfig:
Code: |
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:2027 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1108 errors:0 dropped:0 overruns:0 frame:0
TX packets:1108 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:105062 (102.5 KB) TX bytes:105062 (102.5 KB)
|
This is my dom0 bridge configuration:
Code: |
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
                                                        pdummy0
                                                        vif1.0
xenbr2000       8000.000000000000       no |
xenbr2000 is a bridge created by xend on start because it misread the wlan0 configuration.
Could anyone help me resolve this situation?
If I ping from dom0 to 10.0.0.2, I see (tcpdump) packets on all the bridge interfaces; if I ping from domU to 10.0.0.1, I can't see any packets on the bridge.
TIA,
Dalamar |
ebbeyes n00b
Joined: 03 Sep 2005 Posts: 20
Posted: Tue Feb 05, 2008 8:15 pm
I tried that setup but had problems, so instead I did a brouted setup (http://en.opensuse.org/Xen3_and_a_Virtual_Network), then I used the PHYSDEV match support in iptables along with MASQUERADE to NAT the traffic to the wlan0 device (this may work with a dummy device as well).
Quote: |
iptables -A FORWARD -m physdev --physdev-in <xenbr0 for brouter or dummy0> -j ACCEPT
iptables -A FORWARD -m physdev --physdev-out <xenbr0 for brouter or dummy0> -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.98.98.0/24 -j MASQUERADE
|
jcat Veteran
Joined: 26 May 2006 Posts: 1337
Posted: Wed Feb 06, 2008 12:10 pm
I recently set up a bridged network for some virtual machines running on VirtualBox, but I had the VBox guests on the same network range as the host.
I set up IPTables forwarding allow rules for the bridged interface to allow traffic from the guests' IP. But the clincher for me was to add a rule to allow established and related traffic back to the bridged interface.
However, this is not masquerading (it's a traditional network bridge in that sense), just forwarding.
Cheers,
jcat |
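
The forwarding and NAT rules from the two replies above, combined into one ruleset as an added example (not code from any poster): FORWARD defaults to DROP, the guest subnet may leave through the uplink, only established/related traffic comes back, and masquerading is limited to the uplink. It matches with -i/-o on the routed interfaces instead of the physdev match; the helper names are hypothetical, and using 10.0.0.0/24, xenbr0 and wlan0 from the first post as the arguments is an assumption.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that NATs a Xen guest
# subnet out of dom0's uplink. Nothing is applied by this script.
# Assumption: dom0 routes for the guests (net.ipv4.ip_forward=1).

# valid_if NAME: accept only plain interface names, so an argument cannot
# smuggle extra rule syntax (spaces, "-j ACCEPT", newlines) into the output.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # Linux interface names are at most 15 characters
}

# valid_cidr NET: a.b.c.d/len with octets 0-255 and prefix length 0-32
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# build_ruleset GUEST_NET GUEST_IF UPLINK_IF: print the ruleset on stdout
build_ruleset() {
    valid_cidr "$1" && valid_if "$2" && valid_if "$3" || {
        echo "usage: build_ruleset <guest-cidr> <guest-if> <uplink-if>" >&2
        return 2
    }
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $2 -o $3 -s $1 -j ACCEPT
-A FORWARD -i $3 -o $2 -d $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $1 -o $3 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample call using the addresses and interfaces from the first post
build_ruleset 10.0.0.0/24 xenbr0 wlan0
```

Pipe the output to `iptables-restore --test` to check that it parses, and load it with `--noflush` if rules already in the filter and nat tables must be kept. When bridge netfilter is enabled, frames bridged between ports of the same bridge also traverse FORWARD, so the DROP policy applies to guest-to-guest traffic as well.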
dalamar Tux's lil' helper
Joined: 13 Mar 2004 Posts: 110
Posted: Sun Apr 06, 2008 9:05 pm
ebbeyes wrote: | I tried that setup but had problems, so instead I did a brouted setup (http://en.opensuse.org/Xen3_and_a_Virtual_Network), then I used the PHYSDEV match support in iptables along with MASQUERADE to NAT the traffic to the wlan0 device (this may work with a dummy device as well).
Quote: |
iptables -A FORWARD -m physdev --physdev-in <xenbr0 for brouter or dummy0> -j ACCEPT
iptables -A FORWARD -m physdev --physdev-out <xenbr0 for brouter or dummy0> -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.98.98.0/24 -j MASQUERADE
|
|
I finally made the same setup as in that link, because I've discovered that:
Quote: |
Packets coming from a standard bridge pass the firewall tables differently and will never be masqueraded. Unless you hack extra rules using ebtables which is what iptables is for routed traffic.
|
So my setup wasn't possible unless using extra ebtables rules.
Thanks all,
Dalamar |