Hi Folks,
I've been beating my head against the wall with Xen and trying to get a paravirtualized RHEL 5.2 sitting on a RHEL 5.2 host (should be easy to get it talking on the LAN, no?).
The guest domain (dom1 for the purposes of this conversation) is operating--but, no matter what networking setup I've tried, I can not see dom1 from my LAN (I'd like to see its web server; can't even ssh to it). Latest attempt follows pattern described here:
http://albertptobey.blogspot.com/200...etworking.html
I've also tried following the patterns here (including the forwarding info, which I did not fully understand, but didn't work--at least not as I attempted to do it--hard to be confident you did it right when you're not clear on the whys and wherefores):
http://wiki.xensource.com/xenwiki/XenNetworking
What I want is really simple:
2 NICs (machine actually has 3: eth0 not connected/configured; eth1 & eth2 connected to switch)
Code:
Physical NICs
  eth1  192.168.1.129  traffic to/from host RHEL system
        -- all works; web server is visible to LAN
        -- visible to Internet via firewall/router forwarding
  eth2  (no IP)  supposedly bridged to the guest paravirtualized RHEL dom1's eth0
        -- IP not assigned as per Albert Tobey's blogspot.com posting
        -- want to get to the web server on dom1 from LAN; doesn't work
           (not sure how it could w/ no IP--unclear on why left w/o IP)
        -- some configurations (w/ IP assigned) have allowed outbound/return pings
        -- never found a setup that allowed inbound traffic to dom1 services
Bridge Interfaces  unsure if this is running right in current configuration
  br2   vif2.0  -- ifconfig shows RX packets, but zero TX packets
        eth2.1
On dom1 VM
  eth0  192.168.2.130  -- Note this is not on the LAN (192.168.1.x) but on 192.168.2.x subnet
        -- Albert Tobey's explanation does not mention how to assign IP
        -- ifconfig shows TX packets, but zero RX packets
        -- not sure if this is hooked to the bridge's vif2.0 interface
The bridge method for connecting physical and virtual NICs is supposed to be simplest and quickest, so that's what I've been trying. I've tried the default setup with the dom1 eth0 device (bridged to eth2) getting its IP via dhcp (which ends up being on the 192.168.122.0 subnet--this is not ideal so I just picked an IP; didn't seem to matter either way). I've tried using the default bridge that Xen creates (xenbr0) and specifying different names, and, in this last round [Albert Tobey's method], defining the bridge and just referring to it.
In the most hopeful combinations of settings I've tried, I can see "out" if you will from dom1 and ping IPs on the Internet. But, I can't see into dom1 from the LAN; no web server visible; no SSH connection possible. Traffic to the 192.168.1.130 (eth2) address doesn't get to the dom1 guest, as far as I can tell.
Should I be using the routing method rather than bridging?
Should I do something with iptables? Disable iptables?
Do I need to do something special with the assignment of the IP address to dom1's eth0 device? (I just picked a sort of random address--I want to avoid DHCP, if possible, because I end up with two competing DHCP servers on the net if dom0 is running DHCP services.)
Do I need to do something special with the assignment of the IP address to eth2?
Suggestions gratefully accepted!