Re: Re: nfsroot and brige

[Mike Wray <mike.wray@hpl.hp.com>]

Ronald G. Minnich wrote:
> 
> On Thu, 13 Jan 2005, Grzegorz Milos wrote:
> 
> 
>>Instead use routing and iptables (masquerade) as follows:
>>dom0 eth0 stays with 10.128.107.187
>>dom0 eth1 stays with 192.168.0.65
>>dom0 acts as a NAT for unpriviledged domains
> 
> 
> that's what I was kind of figuring I would need to do. 
> 
> But a real bridge (I used to use them) would transparently bridge packets 
> from vif1.0 to eth1, right? This is what I never saw working, unless I did 
> things that made no sense (e.g. ifconfig xen-br0 192.168.0.65), and even 
> then I only got from domU to dom0. (it makes no real sense to me for a 
> *bridge* to have an IP address).

Remember the default is to have one bridge, xen-br0, and to enslave
eth0 to it. This means that IP on eht0 stops working. IP packets
arriving on eth0 are stolen by the bridge, though output to eth0 still works.
In order to get IP working again in dom0 you ahve to move the IP address and routes
from eth0 onto xen-br0 so that IP will work.

When connecting other interfaces together you should really use another bridge,
xen-br1 say. This bridge will not need an IP address unless a real interface
is connected to it _and_ you want dom0 access to IP on the interface. Otherwise
it doesn't need an IP.

> 
> I would expect something working as a real bridge to allow me to do this:
> 
> ifconfig eth1 192.168.0.65
> brctl  xen-br0 addif eth1
> brctl  xen-br0 addif vif1.0
> 
> This is essentially wiring the two ifs up to xen-br0. 

This sort of things works fine for me. I use vnets a lot
(well I wrote them :-) ), and they rely on bridging.
I have a tunnel interface like vnetif1000 and a bridge vnet1000.
I connect vifs onto the vnet1000 bridge and everything works fine.
The vnet1000 bridge does not have or need an IP address.

> then I dhcp from domU and I would think packets ought to flow to 
> vif1.0->eth1, and eth1->vif1.0, broadcasts would flow across the bridge 
> transparently and, once the right MAC discovery happened, packets from 
> vif1.0 would make it to 192.168.0.1

This is exactly what should be happening.
But if you use xen-br0 remember that eth0 is connected to it too.
You should probably use another bridge for eth1.

> I'm still not sure they didn't -- tcpdump seemed to think the DHCP 
> requests were going to eth1, but my home router didn't seem to think it 
> was seeing them. I will do a little more fooling around. 

Might be good to run ethereal in dom0 and on another machine on the
same LAN segment to see what made it onto the network.

Mike


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt