On Sun, Feb 18, 2007 at 02:44:50PM -0700, Archive wrote:
> As mentioned in an earlier email the DOMU or secondary Xen system(s) can
> not only talk to the DOM0 or Xen primary system but also to other
> DOMU or secondary Xen system(s) and that most likely involves not only
> LAN interaction but also Internet interaction.
[...]
>
> Any takers on this??????????????????????
>
[..]

I'm not sure what you're getting at here, but here is my network setup using my previously posted xen configuration of Dom0 lan server, DomU firewall and DomU mail server.

Dom0 boot line includes:

    pciback.hide('0000:02:00.0')

which is the pci address of my second NIC on this machine. That effectively 'hides' that NIC from Dom0 and in fact, I can't make it function at all from that Dom unless I do some binding/unbinding stuff in /proc and even that might not work.

Dom0 /etc/network/interfaces

    auto eth0
    iface eth0 inet dhcp

This is essentially meaningless as xen completely restructures this interface when it comes up.

When xen comes up it creates a bridge called xenbr1. It then renames eth0 as peth0 (physical eth0) and creates a virtual eth0 for dom0 to use and includes both peth0 and eth0 in that bridge. Then it also creates vif0 and includes that in the bridge and maps it to eth0 in DomU1.

I also pass the hidden eth1 (from pciback.hide above) to DomU1 with

    pci=['0000:02:00.0']

so that domU1 sees that interface.

Finally I have created a bridge with no interfaces in Dom0

    brctl addbr xenbrDMZ
    ip link set xenbrDMZ up

(don't hold me to those commands, I'm not at that machine right now).

This bridge has no interfaces in dom0 and dom0 can't see it, essentially.

When I bring up DomU1, it gets an eth0 from xenbr1, gets eth1 from xenbrDMZ, and eth2 from the pciback thing. This is what I use as my firewall with a standard shorewall 3-interface firewall.

From DomU1 .cfg

    vif = [ 'mac=aa:00:00:00:00:11,xenbr1', \
            'mac=aa:00:00:00:00:21,xenbrDMZ' ]
    pci = [ '0000:02:00.0' ]

That makes my three interfaces in Domu1. Note that the mac addresses are made up just to make my life easier.

When Domu2 comes up, it *only* attaches to xenbrDMZ. Its only internet link is through DomU1.

    vif = [ 'mac=aa:00:00:00:00:22,xenbrDMZ' ]

That creates eth0 in Domu2.

With me?

Then Domu1 has /etc/network/interfaces

    auto eth0
    auto eth1
    auto eth2

    # our LAN interface
    iface eth0 inet static
        address...

    # our DMZ interface
    iface eth1 inet static
        address...

    # our net interface
    iface eth2 inet dhcp

Domu2 interfaces is

    auto eth0
    iface eth0 inet dhcp

as I have dhcpd running on Domu1.

Now that you're thoroughly confused, run off and read the shorewall web page about xen and the xennetworking entry on the xen wiki... ;)

A
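
An added example, not part of the original message or of Xen: a small audit of domU config files that checks the segmentation described above, namely that only the firewall domain spans more than one bridge or holds a passed-through PCI device. The domain names (domU1-firewall, domU2-mail) and function names are assumptions; the config text is constructed from the vif/pci lines quoted in the message.

```python
import re

# Constructed sample configs, copied from the vif/pci lines in the message.
# The domain names used as keys are hypothetical labels.
DOMU_CONFIGS = {
    "domU1-firewall": """
vif = [ 'mac=aa:00:00:00:00:11,xenbr1', \\
        'mac=aa:00:00:00:00:21,xenbrDMZ' ]
pci = [ '0000:02:00.0' ]
""",
    "domU2-mail": """
vif = [ 'mac=aa:00:00:00:00:22,xenbrDMZ' ]
""",
}

def parse_domu(cfg_text):
    """Return (bridges, pci_devices) declared in one domU config."""
    def items(key):
        # Grab the quoted entries of a "key = [ ... ]" list, across lines.
        m = re.search(rf"^\s*{key}\s*=\s*\[(.*?)\]", cfg_text, re.S | re.M)
        return re.findall(r"'([^']*)'", m.group(1)) if m else []

    bridges = []
    for vif in items("vif"):
        fields = [f.strip() for f in vif.split(",") if f.strip()]
        # Accept both "bridge=NAME" and the bare bridge name used in the message.
        named = [f.split("=", 1)[1] for f in fields if f.startswith("bridge=")]
        bare = [f for f in fields if "=" not in f]
        bridges.append((named or bare or ["<default>"])[0])
    return bridges, items("pci")

def audit(configs, firewall):
    """List every non-firewall domain that could route around the firewall."""
    findings = []
    for name, text in sorted(configs.items()):
        if name == firewall:
            continue
        bridges, pci = parse_domu(text)
        if len(set(bridges)) > 1:
            findings.append(f"{name}: attached to {sorted(set(bridges))}")
        if pci:
            findings.append(f"{name}: holds passthrough device(s) {pci}")
    return findings

if __name__ == "__main__":
    for line in audit(DOMU_CONFIGS, "domU1-firewall") or ["segmentation OK"]:
        print(line)
```
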