Nitromaroder n00b
Joined: 24 Jul 2002 Posts: 25 Location: Munich / Germany
Posted: Tue Jan 08, 2008 4:36 pm Post subject: XEN gentoo-domU network problem on gentoo-dom0
Hello folks,
I have successfully configured (after a time) my gentoo-based XEN server. I have two network interface cards - one is wireless, the other is wired. I am using xen-bridge.
My problem is that the para-virt. domU's network connection is kind of broken - the hvm-domUs are working fine. From a para-virt. domU I can ping outside and get ICMP echo replies, but if I want to "emerge --rsync", it times out. Same for "wget http://somefile": it connects, but then times out after ages. Also, ssh to outside my network does not work - same scenario here: connected to the remote host, but then nothing happens. What I also noticed: my system has the "peth0" missing. And I think the reason why my hvm-domU network connections are working without a problem is that "qemu" uses "tap[0-9]" interfaces.
Here are, first of all, my configuration files:
/etc/conf.d/net:
Quote: |
essid_ath0="asmodis"
modules=( "wpa_supplicant" )
wpa_supplicant_ath0="-Dmadwifi"
config_ath0=( "192.168.54.253/24" )
routes_ath0=( "default via 192.168.54.254" )
bridge_xenbr0="eth0"
config_eth0=( "null" )
config_xenbr0=( "192.168.55.253/24" )
brctl_xenbr0=( "stp off" )
|
/etc/xen/xend-config.sxp:
Quote: |
# -*- sh -*-
(logfile /var/log/xen/xend.log)
(loglevel DEBUG)
(xen-api-server ((unix)))
(xend-http-server no)
(xend-unix-server yes)
(xend-tcp-xmlrpc-server no)
(xend-unix-xmlrpc-server yes)
(xend-relocation-server no)
(xend-port 8000)
(xend-relocation-port 8002)
(xend-address '')
(xend-relocation-address '')
(xend-relocation-hosts-allow '')
(console-limit 4096)
(network-script 'network-bridge netdev=eth0')
(vif-script vif-bridge)
(dom0-min-mem 512)
(dom0-cpus 0)
(enable-dump no)
(vnc-listen '0.0.0.0')
(vncpasswd '123')
(keymap 'en-us')
|
ifconfig -a:
Quote: |
ath0 Link encap:Ethernet HWaddr 00:17:9A:C8:24:68
inet addr:192.168.54.253 Bcast:192.168.54.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:154 errors:0 dropped:0 overruns:0 frame:0
TX packets:135 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25635 (25.0 Kb) TX bytes:49148 (47.9 Kb)
eth0 Link encap:Ethernet HWaddr 00:1D:7D:99:81:E8
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:23 Base address:0x8000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1756 (1.7 Kb) TX bytes:1756 (1.7 Kb)
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
veth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
veth1 ### I cut the details out here ###
veth2 ### I cut the details out here ###
veth3 ### I cut the details out here ###
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vif0.1 ### I cut the details out here ###
vif0.2 ### I cut the details out here ###
vif0.3 ### I cut the details out here ###
wifi0 Link encap:UNSPEC HWaddr 00-17-9A-C8-24-68-60-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:486 errors:0 dropped:0 overruns:0 frame:96
TX packets:154 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:77946 (76.1 Kb) TX bytes:55934 (54.6 Kb)
Interrupt:21
xenbr0 Link encap:Ethernet HWaddr 00:1D:7D:99:81:E8
inet addr:192.168.55.253 Bcast:192.168.55.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:84 (84.0 b)
|
There is no "peth0" interface.
And my gentoo-domU.xen:
Quote: |
# -*- mode: python; -*-
import os, re
kernel="/opt/xen/gentoo_domU_0/linux-2.6.20-xen-r6_domU_1"
memory = 512
shadow_memory = 8
name = "gentooP0"
vif = [ 'bridge=xenbr0, mac=00:1D:7D:99:81:F5' ]
disk = [ 'phy:/dev/mapper/xen1-crypt,hda1,w', 'phy:/dev/mapper/xen1-crypt-swap,hda2,w', 'phy:/dev/cdrom,hdc:cdrom,r' ]
serial='pty'
acpi=0
root='/dev/hda1 ro'
extra='3'
dhcp="on"
ip="192.168.55.249"
netmstak="255.255.255.0"
gateway="192.168.55.253"
hostname="gentoo0"
|
Finally, here is a fragment of my iptables.sh script:
Quote: |
#!/bin/bash -x
IPTABLES="/sbin/iptables"
EXTIF="ath0" # wireless interface to asmodis router
INTIF="xenbr0" # xen bridge (eth0)
EXTNET="192.168.54.0/24"
INTNET="192.168.55.0/24"
### clean existing rules --- START ---
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
### clean existing rules --- END ---
#
### enable basic nat and forwarding --- START ---
$IPTABLES -t nat -A POSTROUTING -s $INTNET -o $EXTIF -j MASQUERADE
#$IPTABLES -A FORWARD -s $INTNET -i $INTIF -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -s $INTNET -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
### enable basic nat and forwarding --- END ---
|
And the "brctl show" output while running one hvm-domU and one para-virt. domU (reformatted):
Quote: |
bridge name: xenbr0
bridge id: 8000.001d7d9981e8
STP enabled: no
interfaces:
eth0
vif1.0
tap0
vif2.0
|
Here vif1.0 is together with tap0, since it is an hvm-domU; vif2.0 is alone (which it should be?), because it is a para-virt. domU.
And "iptables -nvL":
Quote: |
Chain FORWARD (policy ACCEPT 1833K packets, 2558M bytes)
pkts bytes target prot opt in out source destination
51 6323 ACCEPT all -- * ath0 192.168.55.0/24 0.0.0.0/0 state NEW,ESTABLISHED
57 8171 ACCEPT all -- * * 0.0.0.0/0 192.168.55.254
0 0 ACCEPT all -- * * 0.0.0.0/0 192.168.55.250
0 0 DROP all -- ath0 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif1.0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif2.0
|
And "iptables -t nat -nvL":
Quote: |
Chain PREROUTING (policy ACCEPT 192K packets, 9172K bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- ath0 * 0.0.0.0/0 192.168.54.253 tcp dpt:10022 to:192.168.55.254:22
0 0 DNAT tcp -- ath0 * 0.0.0.0/0 192.168.54.253 tcp dpt:3389 to:192.168.55.250:3389
Chain POSTROUTING (policy ACCEPT 72609 packets, 3223K bytes)
pkts bytes target prot opt in out source destination
6 364 MASQUERADE all -- * ath0 192.168.55.0/24 0.0.0.0/0
|
So if anybody has any advice for me on this problem, I would really appreciate it!
Denis