LinuxQuestions.org

Dimitriy 06-07-2006 09:13 PM

SOLVED---XEN-SUSE 10.1-- DHCP Server works under plain but not under XEN
 
SOLVED!!

Ok here is the setup:

Server:
OSS SUSE 10.1
ETH0 = External (Grabs IP from cable modem)
ETH1 = Internal (Hands out IPs to clients on my network)

DHCP Server works completely fine in plain SUSE kernel.

However, once I get into the Xen kernel, my DHCP server hands out IPs that look fine, and even the DNS hands out fine. However, my internet works only on the Server. REPEAT: Internet works strictly on the Server box. My clients can't connect to the internet but can ping the server just fine.

However in the plain Kernel all is fine.

Is it a case of SUSE saying that the other virtual network cards are really the main real cards?

Also, can the virtual cards receive a DHCP address from the domain 0 DHCP Server?

Dimitriy 06-08-2006 04:42 PM

Anyone got the slightest clue?

???

Like to clarify that the DNS comes from my cable company NOT from my Server box.

Dimitriy 06-08-2006 05:15 PM

Like to also add that on boot of the Xen kernel the xenbr0 doesn't get configured. Is this normal?

Dimitriy 06-08-2006 05:34 PM

Bingo, hit upon it: Basically, as far as I got it, Xen by default thinks that there is only one blasted network card. However, I use two: one internal, one external.

To fix it, simply make a new script and call it, say, network-bridge2 in the /etc/xen/scripts folder. Then reference it through ...

"To use it, you need to edit /etc/xen/xend-config.sxp . Set the
variable network-script to point to this script. ..."

The site says change the vif variable but I just left it and it seems to work fine!

Code:

#!/bin/sh
#============================================================================
# Default Xen network start/stop script.
# Xend calls a network script when it starts.
# The script name to use is defined in /etc/xen/xend-config.sxp
# in the network-script field.
#
# This script replaces a network device with a bridge by renaming
# the network device and creating a new bridge with the old name
# of the renamed device. The renamed device is enslaved to the
# bridge.
#
# The general idea is that names of devices given in  Firewall and
# routing rules can remain the same before/after the script is
# run.
#
# If all goes well, this should ensure that networking stays up.
# However, some configurations are upset by this, especially
# NFS roots. If the bridged setup does not meet your needs,
# configure a different script, for example using routing instead.
#
# Usage:
#
# network (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# bridge    The bridge to use. (defaults to xen-br0: this probably isn't
#            what you want. Remember to edit variable vif-bridge in
#            file /etc/xen/xend-config.sxp. )
# netdev    (now unused)
# antispoof  Whether to use iptables to prevent spoofing (default yes).
#
# start:
# Renames the network device ${bridge} as ${bridge}slv
# Creates a new bridge device named ${bridge} that takes
# the place of the renamed device.
# Enslaves the renamed network device to the new bridge device.
# Deletes the routing information for the network device and
# adds new routing information for the new bridge device using ifup
#
# stop:
# Removes netdev from the bridge.
# Deletes the routes to bridge and adds them to netdev.
#
# status:
# Print ifconfig for ${bridge} and ${bridge}slv.
# Print routes.
#
#============================================================================

# Exit if anything goes wrong.
#set -e

#DEBUG=""
#DEBUG="echo"

BRCTL="$DEBUG brctl"
IFUP="$DEBUG ifup"
IFDOWN="$DEBUG ifdown"
IP="$DEBUG ip"
IPTABLES="$DEBUG iptables"
#PATH="/sbin:/usr/sbin:$PATH"

# debugging sleep to fix possible races?
SLEEP="true "
#SLEEP="sleep "

# First arg is the operation.
OP=$1
shift

# Pull variables in args in to environment.
for arg ; do export "${arg}" ; done

bridge=${bridge:-xen-br0}
netdev=${netdev:-eth0}
antispoof=${antispoof:-yes}

echo "# network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof"

# takes 1 arg, the name of a network device
# exit status of 0 or 1
is_netdev() {
    local netdev=$1

    # -eq instead of ==, which is a bashism that fails under a strict /bin/sh
    [ $# -eq 1 ] && ifconfig $netdev >/dev/null 2>&1 || false
}

# takes 1 arg, the name of a network device
# exit status of 0 or 1
is_bridge() {
    local netdev=$1
   
    # -eq instead of ==, which is a bashism that fails under a strict /bin/sh
    [ $# -eq 1 ] && brctl showmacs $netdev >/dev/null 2>&1 || false
}


# Usage: create_bridge bridge
# Create bridge $bridge and set bridge parameters.
# Does not add slave devices.
# Does not assign an IP address.
create_bridge() {
    local netdev=$1

    if [ $# != 1 ] ; then
            false
            return
    fi
    # Don't create the bridge if it already exists.
    echo create_bridge $netdev
    if ! is_netdev ${netdev} && ! is_bridge ${netdev} ; then
        $BRCTL addbr ${netdev}
        $BRCTL stp ${netdev} off
        $BRCTL setfd ${netdev} 0
    fi
}

# Return the MAC address of the network device
# given as an argument.
get_mac_addr() {
    local netdev
    local ret

    if [ $# != 1 ] ; then
            false
            return
    fi
    netdev=$1

    ip link show $netdev \
        | grep -e 'link/ether' \
        | sed -e 's#^[  ]*link/ether[ ]\(\([0-9a-f]\+:\)\+[0-9a-f]\+\).*#\1#'
    return
}


# Usage: antispoofing dev bridge
# Set the default forwarding policy for $dev to drop.
# Allow forwarding to the bridge.
antispoofing() {
    local dev=$1
    local bridge=$2

    $IPTABLES -P FORWARD DROP

    # XXX . OUCH! This looks horribly permissive.
    # I am not sure that firewall rules belong here.
    $IPTABLES -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT
}

#Usage: show_status dev bridge
#Print ifconfig and routes.
show_status() {
    local bridge=$1
   
    echo '============================================================'
    ifconfig ${bridge}
    ifconfig ${bridge}slv
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}

#    start        \  ${bridge}
#                  \   is_br   is_dev  missing
# ${bridge}slv      \
#                   +-------+-------+-------+
#          is_br    |  (1)  |  (3)  |  (1)  |
#                   +-------+-------+-------+
#          is_dev   |  (2)  |  (1)  |  (4)  |
#                   +-------+-------+-------+
#          missing  |  (1)  |  (5)  |  (1)  |
#                   +-------+-------+-------+

# (1) Error: bail out leaving things as is.
# (2) Do nothing: bridge already started
# (3) create bridge called ${bridge}slv (if it doesn't already exist)
#    ifdown ${bridge}
#    rename ${bridge} -> ${bridge}tmp
#    rename ${bridge}slv -> ${bridge}
#    rename ${bridge}tmp -> ${bridge}slv
#    enslave ${bridge}slv to ${bridge} (and make sure slave it is up.)
#    ifup ${bridge}
# (4)

op_start () {
    local real_mac_addr

    if [ "${bridge}" = "null" ] ; then
        return
    fi

    if is_bridge ${bridge}slv ; then
        # row 1 in table above
        if is_bridge ${bridge} || ! is_netdev ${bridge} ; then 
            # (1)
            echo 'case #1'
            # bail out with error
            false
            return
        else
            #(3)
            echo '# case #3'
            real_mac_addr="eth-id-$(get_mac_addr ${bridge})"
            $IFDOWN $real_mac_addr $bridge
            $IP link set ${bridge}slv down
            $IP link set ${bridge}slv name ${bridge}tmp
            $SLEEP 1
            $IP link set ${bridge} name ${bridge}slv
            $SLEEP 1
            $IP link set ${bridge}tmp name ${bridge}
            $SLEEP 1
            $BRCTL addif ${bridge} ${bridge}slv
            $SLEEP 1
            # Use the mac addr of the enslaved device to find
            # configuration for the bridge.
            $IFUP $real_mac_addr ${bridge}
            $IP link set ${bridge}slv up
            return
        fi
    elif is_netdev ${bridge}slv ; then
        # row 2 in table above
        if is_bridge ${bridge} ; then
            # (2)
            echo '# case #2'
            # nothing to do, return success
            true
            return
        elif is_netdev ${bridge} ; then
            # (1)
            # bailout with error
            false
            return
        else
            # (4)
            echo '# case #4'
            real_mac_addr="eth-id-$(get_mac_addr ${bridge}slv)"
            # create a bridge named ${bridge} and enslave
            # ${bridge}slv to it.
            # Make sure both interfaces are up.
            create_bridge ${bridge}
            $BRCTL addif ${bridge} ${bridge}slv
            $IP link set ${bridge}slv up
            $SLEEP 1
            # Use the mac addr of the enslaved device to find
            # configuration for the bridge.
            $IFUP $real_mac_addr ${bridge}
            return
        fi
    else
        # row 3 in table above
        if is_bridge ${bridge} ; then
            # (1)
            # bail out with error
            false
            return
        elif is_netdev ${bridge} ; then
            # (5)
            echo '# case #5'
            real_mac_addr="eth-id-$(get_mac_addr ${bridge})"
            $IFDOWN $real_mac_addr $bridge
            $IP link set ${bridge} name ${bridge}slv
            $BRCTL addbr ${bridge}
            $BRCTL addif ${bridge} ${bridge}slv
            $SLEEP 1
            # Use the mac addr of the enslaved device to find
            # configuration for the bridge.
            $IFUP $real_mac_addr ${bridge}
            $IP link set ${bridge}slv up
            return         
        else
            # (1)
            # bail out with error
            false
            return
        fi
    fi

    # Create the bridge and give it the interface IP addresses.
    # Move the interface routes onto the bridge.
    #create_bridge ${bridge}
    # Don't add $dev to $bridge if it's already on a bridge.
    #if ! brctl show | grep -q ${netdev} ; then
    #    brctl addif ${bridge} ${netdev}
    #fi
   
    #if [ ${antispoof} == 'yes' ] ; then
    #    antispoofing ${bridge}slv ${bridge}
    #fi
}

op_stop () {
    if [ "${bridge}" = "null" ] ; then
        return
    fi
    # Remove the interface from the bridge.
    # Move the routes back to the interface.
    if is_netdev ${bridge} && is_bridge ${bridge} ; then
        $IFDOWN ${bridge}
        $IP link set ${bridge}slv down
        $BRCTL delif ${bridge} ${bridge}slv
        $IP link set ${bridge} name ${bridge}tmp
        $SLEEP 1
        $IP link set ${bridge}slv name ${bridge}
        $SLEEP 1
        $IP link set ${bridge}tmp name ${bridge}slv
        $SLEEP 1
        $IFUP "eth-id-$(get_mac_addr ${bridge})" ${bridge}
        return
    fi

  # It's not our place to be enabling forwarding...
}

case ${OP} in
  start)
      op_start
      ;;
 
  stop)
      op_stop
      ;;

  status)
      show_status ${bridge}
      ;;

  *)
      echo 'Unknown command: ' ${OP}
      echo 'Valid commands are: start, stop, status'
      exit 1
esac

Taken from http://lists.xensource.com/archives/.../msg00597.html
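
The header of the script above says to keep the vif-bridge setting in /etc/xen/xend-config.sxp in step with the script's bridge variable. The check below is an added example, not part of the original post or of the Xen scripts: it reads a config, confirms the network-script is executable, and compares the bridge it creates with the one guest vifs are attached to. The vif-script key, the function names and the xenbr0 default for vif-bridge are assumptions; xen-br0 is the posted script's own default.

```shell
#!/bin/sh
# Added example. The sample config and the vif-bridge default are constructed.

# sxp_setting FILE KEY: value of the last uncommented "(KEY value)" line.
sxp_setting() {
    sed -n "s/^[[:space:]]*($2[[:space:]][[:space:]]*\(.*\))[[:space:]]*\$/\1/p" "$1" \
        | tail -n 1 | tr -d "'\""
}

# bridge_of VALUE DEFAULT: the bridge=NAME argument in VALUE, else DEFAULT.
bridge_of() {
    for word in $1; do
        case $word in bridge=*) echo "${word#bridge=}"; return 0 ;; esac
    done
    echo "$2"
}

# check_xend_bridges CONFIG SCRIPTDIR NET_DEFAULT VIF_DEFAULT
# Returns 0 if consistent, 1 if the network script is missing or not
# executable, 2 if guest vifs would be attached to a different bridge.
check_xend_bridges() {
    net=$(sxp_setting "$1" network-script)
    vif=$(sxp_setting "$1" vif-script)
    script=${net%% *}
    if [ -z "$script" ] || [ ! -x "$2/$script" ]; then
        echo "network-script '$script' is not executable in $2"
        return 1
    fi
    made=$(bridge_of "$net" "$3")
    used=$(bridge_of "$vif" "$4")
    if [ "$made" != "$used" ]; then
        echo "network-script creates '$made' but vif-script attaches to '$used'"
        return 2
    fi
    echo "ok: both use bridge '$made'"
}

# Constructed sample: a config that selects network-bridge2 with no bridge= argument.
demo=$(mktemp -d) && mkdir "$demo/scripts"
printf '#!/bin/sh\n' > "$demo/scripts/network-bridge2" && chmod +x "$demo/scripts/network-bridge2"
printf '%s\n' '#(network-script network-bridge)' '(network-script network-bridge2)' \
    '(vif-script vif-bridge)' > "$demo/xend-config.sxp"
# xen-br0: default in the posted script. xenbr0: assumed vif-bridge default.
check_xend_bridges "$demo/xend-config.sxp" "$demo/scripts" xen-br0 xenbr0 || true
```

On a real host, pass /etc/xen/xend-config.sxp and /etc/xen/scripts together with the defaults that your installed scripts actually use.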

Dimitriy 06-08-2006 05:53 PM

Alas, the vif.0 now can't connect!!!!! Argh! Any help?


All times are GMT -5.