Port-xen archive
Re: xen networking
On Sat, 6 Jun 2020, Dima Veselov wrote:
> On Fri, Jun 05, 2020 at 02:42:55PM +0100, Iain Hibbert wrote:
>
> > I have a xen dom0 with external connectivity and wish to set up NAT to
> > allow the domU network access but having a little difficulty with network
> > setup. I have tried several variations and always hit a wall eventually.
> > This is where I'm currently at:
>
> If I understand right - you have one dom0 with several domU's and one
> domU acting as a router/NAT for other domUs.
>
> Real network - wm0 (dom0) br0 - xennet0 (domU) xennet1 - br1 (dom0) br1 - domU xennet0

yes that is right.

> > domU-router has dnsmasq set up to provide IP addresses onto bridge1 and
> > this works fine, I can ping back and forth using hostnames. I also have
> > dom0 ask for an IP on this network (might NAT that to a separate network
> > instead, later)
> >
> > So currently I am stuck. I want to have domU-router get the IP address to
> > the external interface with dhcpcd. Then bridge0 will do its job and
> > domU-router will be the front end, right? (if so then I set up NAT)
>
> Something stays undisclosed here. You say dnsmasq is working well but then it
> sounds like domU-router can't get the xennet0 IP. Then what does it mean that it works well?

dnsmasq is dhcp/dns server for the domU network only so only listens on
xennet1.
domU-router would like to get the external IP on xennet0 so that it can be
the firewall.

> > Unfortunately, I think, if I get domU-router to issue a DHCP request, what
> > happens is that it goes out onto bridge0 with the domU-router MAC address
> > as source.
>
> Do you want domU-router to get an IP with mac-address of dom0 as it sounds?
> This will never happen, bridge is like a switch - every server has its own
> unique mac.
> There should be something about your network configuration. I suppose you
> make this setup complex because you have some limitations in real network
> connected to wm0, but we need to know what they are.

Well, I only have a single IP available. I was trying to run these
services on the domU rather than the dom0 for security. Perhaps that is
not ultimately necessary.

> As it sounds to me - DHCP server which you try to use accepts only dom0's wm0
> mac address. If it is so - you can either use dom0 as a router/NAT instead
> or swap mac addresses between dom0 and domU-router.

Hm ok, perhaps that would be an option. I can assign whatever MAC address
on the domU that I like. I don't think I can actually remove the wm0 MAC
but could add something else as the active address.

> > I can see it with tcpdump on wm0 but I don't know if it
> > actually goes out on the wire, and nothing ever comes back.
>
> Once you see it on dom0 wm0 you can be sure it's on the wire. tcpdump captures
> output packets after all processing. There are some problematic cases when
> it's not true but I would check it only as a last shot.

Ah. That means that the upstream is not speaking to me then. I presume
they have some kind of filtering (probably a MAC=>IP table)

iain