Setting up virtual network

Setting up virtual network

[Rick]

Hello,

I have installed xen2.0 on my fedora core 3 machine.
I am having some trouble to set up the virtual network between the
different  domains. The truth is I do not know much about the setup of
virtual ethernet bridge and how to route stuff inside. From what I
undestand, the bridge connects all interfaces (eth0, vif1.0 etc... )
together. If someone could point me to some material that would be
great. This is what I have done so far:

I can start xen and domain0 comes up correctly. From domain0 I can
have access to internet. Next I start the ttylinux with the following
configuration:

===================================================
kernel = "/boot/vmlinuz-2.6.10-xenU"
memory = 64
nics=1
ip = "10.0.0.2"
disk = [ 'file:/Xen/TtyLinux/ttylinux-xen,sda1,w' ]
root = "/dev/sda1 ro"
===================================================

After ttylinux comes up, my network looks like this:

===================================================
ifconfig on domain0

eth0      Link encap:Ethernet  HWaddr 00:0E:A6:6B:70:CC
          inet addr:128.100.241.161  Bcast:128.100.241.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2209 errors:174 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:166158 (162.2 KiB)  TX bytes:4326 (4.2 KiB)
          Interrupt:22 Memory:feafc000-0

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:847 errors:0 dropped:0 overruns:0 frame:0
          TX packets:847 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:54901 (53.6 KiB)  TX bytes:54901 (53.6 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:236 errors:0 dropped:47 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:15084 (14.7 KiB)

xen-br0   Link encap:Ethernet  HWaddr 00:0E:A6:6B:70:CC
          inet addr:128.100.241.161  Bcast:128.100.241.255 
Mask:255.255.255.255          UP BROADCAST RUNNING MULTICAST  MTU:1500
 Metric:1
          RX packets:1238 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:65724 (64.1 KiB)  TX bytes:1364 (1.3 KiB)
===================================================

===================================================
ifconfig on ttylinux

eth0      Link encap:Ethernet  HWaddr AA:00:00:41:24:DF
          inet addr:10.0.0.2  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
====================================================


I want to communicate between ttylinux and domain0
So I try to assign an IP to vif1.0 on domain0 "ifconfig vif1.0 10.0.0.1"
Next I try to "ping 10.0.0.2" from domain0 and "ping 10.0.0.1" from ttylinux.
But of course that does not work :). I am pretty new to those things, if someone
can point me what to work on, that would be great.
To make ttylinux to access internet, do I have to set domain0 as a NAT router ?

Also, another issue that may or may not be related. When I boot into 
xen2.0/domain0, my iptable is not loaded properly:

==================================================
[root@aquarius ~]# /etc/init.d/iptables start
Applying iptables firewall rules: iptables-restore v1.2.11: iptables-restore: 
unable to initializetable 'filter'

Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]
==================================================

I have just installed xen2.0 on a fresh fedora core 3 installation and my
iptables rules are those that were created by fedora core 3 installation:

==================================================
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
===================================================

Is that iptable error important to get my virtual network to run correctly ?
Should I add additional modules in my .config file to compile iptables module in
the vmlinuz-2.6.10-xen0 kernel ?

Thanks
Rick


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt

Re: Setting up virtual network

[Edward Middleton]

>
>
>===================================================
>ifconfig on domain0
>
>eth0      Link encap:Ethernet  HWaddr 00:0E:A6:6B:70:CC
>          inet addr:128.100.241.161  Bcast:128.100.241.255  Mask:255.255.255.0
>
>xen-br0   Link encap:Ethernet  HWaddr 00:0E:A6:6B:70:CC
>          inet addr:128.100.241.161  Bcast:128.100.241.255 
>
>===================================================
>ifconfig on ttylinux
>
>eth0      Link encap:Ethernet  HWaddr AA:00:00:41:24:DF
>          inet addr:10.0.0.2  Bcast:10.255.255.255  Mask:255.0.0.0
>  
>
To start with a bridge must be on the same network.  If you look at your 
configuration eth0 on the domain0 is on the 128.100.241.0 network and 
you ttylinux is on the 10.0.0.0 network.

>I want to communicate between ttylinux and domain0 So I try to assign an IP to vif1.0 on domain0 "ifconfig vif1.0 10.0.0.1" Next I try to "ping 10.0.0.2" from domain0 and "ping 10.0.0.1" from ttylinux.
>  
>
Think of vif1.0 and eth0 in ttylinux as being the same thing.  They have 
ip 10.0.0.2. What you want to do is remove the domain0 interface eth0 
from the bridge.

brctl delif xen-br0 eth0

bring down the xen-br0 interface

ifconfig xen-br0 down

bring it up with the host interface with 10.0.0.1 ip.

ifconfig xen-br0 10.0.0.1 up

this will put your bridge interface xen-br0 on the same network as 
vif1.0.  You should now be able to ping your ttylinux domain.
next you need to setup the NAT.  Use xen-br0 as though it was a real NIC 
interface to you LAN and all should work.

Edward Middleton


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt