Subject: Re: NetBSD 4beta2 / Xen3.0.3 Networking (routed)
To: Andrew Leach <imamushroom@gmail.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-users
Date: 02/21/2007 23:44:01
On Wed, Feb 21, 2007 at 10:53:14AM +0100, Andrew Leach wrote:
> Hi,
> 
> I'm confused!
> 
> I'm trying to get a routed network up and running with xen but can't
> find sufficient information on the internet about this particular
> configuration as bridging seems to be far more popular (and I'm
> beginning to understand why!). Can someone help?
> 
> The configuration that I'm trying to achieve is this:
> 
> wifi (ral0) with multiple external IP addresses (done, set up via
> /etc/ifconfig.ral0 and /etc/ifaliases) on the physical machine where
> each ip address will be mapped/routed directly to a particular
> interface in a domU.
> 
> dom0 just uses one of the allocated addresses from the ral0 pool
> (done, completed effectively by the above step)
> 
> domUs use an IP based on a different subnet of the existing network
> (don't want to involve NAT at this point as that just overcomplicates
> matters)
> 
> Because it's a wifi nic I need to add mac address filtering to the
> firewall to prevent access from someone off the street. This will
> be the dom0 firewall configuration.
> Once the mac address filter has been passed, perform all the usual
> IP/port filtering based on one of the addresses from the ral0 pool
> (static) and the ip address given to the domU by xen on start-up.
> 
> The packets between these two points will be routed only.
> 
> I'm not interested (I don't think) in using the xen startup scripts
> (network-script & vif-script) as I want a static point to point routed
> network and I believe that all this can be achieved in the dom0
> configuration.
> 
> I understand that when a domU starts it creates a vif based on the
> information passed to it from the domU configuration. For that I'm
> using something like:
> vif = [ 'mac=aa:00:00:50:00:01, vifname=xvif0.0, ip=192.168.12.11,
> mac=aa:00:00:50:00:02, vifname=xvif0.1, ip=192.168.12.12' ]
> 
> I've tried vifname=vif*, xennet* etc. but nothing seems to work.

You probably want something like:
vif = [ 'mac=aa:00:00:50:00:01, ip="192.168.12.11 netmask 255.255.255.0",
   vif-script=/usr/pkg/etc/xen/scripts/vif-ip' ]

This will give the xvifx.0 interface in dom0 IP 192.168.12.11; you
still need to give an IP to the xennet interface in the domU
(/etc/ifconfig.xennet0, or whatever).

You'll find the vif-ip script in /usr/pkg/share/examples/xen/.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--