[geeks] the virtualization project

Patrick Finnegan pat at computer-refuge.org
Sun Sep 18 08:49:28 CDT 2011


On Saturday, September 17, 2011, Shannon wrote:
> On Sep 17, 2011, at 15:07 , Patrick Finnegan wrote:
> >> bridge name	bridge id	STP		interfaces
> >> eth0		8000.blah blah	NO		peth0
> >> 
> >> I don't get that... it's listing eth0 as a bridge?
> > 
> > Yep. Once you install Xen, it renames your physical interface to
> > peth0, and creates a bridge to use for itself, named eth0.  In
> > doing this is where the default gateway goes away (which you
> > noticed in another message).
> 
> Thanks for this note. I thought somehow it was going to do what it
> did on NetBSD. Xen on NetBSD requires you to specifically make a
> bridge.
> 
> So, nice to know... but it's still not working.

Strange.
 
> The Xen wiki says that bridged packets go through PREROUTING,
> FORWARD, and POSTROUTING rules in the iptables chains (I assume they
> mean if you are hosting on Linux) and that it's likely FORWARDING is
> dropping them.
> 
> So maybe it's the firewall that is breaking things. I'm going to try
> and enable firewall logs to see if it will show me what rule is
> firing when Xen guests try to send packets.

By default, you shouldn't have a firewall on Debian.  Do an "iptables -L 
INPUT" (and the same for OUTPUT, FORWARD) to look at the firewall 
rules. If you have any, use "iptables -P FORWARD ACCEPT" to set the 
default policy to accept, and then "iptables -F FORWARD" to flush the 
rules.  See if that helps.

> > Yes, since eth0 is the bridge made from peth0.  IIRC, peth0 will
> > have to be up for the bridge device (eth0) to work.
> 
> No commands given for peth0 work at all, it becomes a purely physical
> ethernet interface. Everything is done on the bridge once Xen munges
> things according to the Xen wiki.

That's not 100% true, but you don't want to use the peth0 device to 
assign an IP address to.  If you do, that IP won't be able to 
communicate to the Xen guests.  You will still need peth0 to be up (if 
you do an "ifconfig", peth0 should show up in the list. If it doesn't, I 
don't think any networking with that physical device will work, 
including on the Dom0 (host), so I'm guessing that's not the problem).

> I can see why they do this: you continue to use networking commands
> as you did before, and it hides (to varying degrees of success) the
> fact you are really configuring the bridge. When the machine first
> boots it will apply those commands to the real eth0 before switching
> it, so it's a rather scripted illusion :)

Yep.

> One article I read suggested turning off Xen's bridge scripts and setting
> up Debian bridging yourself. They said while slightly more work, it
> avoided a number of problems, though I wasn't clear at the time
> which problems.

I haven't had to do this myself.

> I think first I'm going to make firewall logs as verbose as possible
> and see if they are blocking the guests as the wiki suggests.

-- 
Patrick Finnegan
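
Added example (not part of the original message or of Xen's scripts): a read-only check of the FORWARD chain discussed in this thread. It reads "iptables -S FORWARD" style output and reports whether bridged guest frames are accepted or dropped, so a narrow allow rule can be compared against opening the whole chain. The function name, verdict strings and sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S FORWARD` style output on stdin and reports
# what happens to bridged guest frames. Rules are first-match: the first
# terminating rule that matches every bridged packet decides, else the policy.
classify_forward() {
    awk '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" && verdict == "" {
        target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }   # rest = target options
            else if ($i == "-m" && $(i + 1) == "physdev") i++
            else if ($i == "--physdev-is-bridged") continue
            else extra++                                   # narrower match
        }
        if (extra > 0) { conditional++; next }             # cannot decide for all frames
        if (target == "ACCEPT") verdict = "allowed-by-rule"
        else if (target == "DROP" || target == "REJECT") verdict = "blocked-by-rule"
        # LOG and other non-terminating targets fall through to the next rule
    }
    END {
        if (verdict == "" && policy == "") verdict = "unknown-policy"
        else if (verdict == "") verdict = (policy == "ACCEPT") ? "allowed-by-policy" : "blocked-by-policy"
        # conditional = narrower rules seen before a decision was reached
        printf "%s conditional=%d\n", verdict, conditional
    }'
}

# Constructed sample: default-drop firewall with logging but no bridge rule.
SAMPLE_BLOCKED='-P FORWARD DROP
-A FORWARD -j LOG --log-prefix "fwd: "
-A FORWARD -s 192.0.2.0/24 -j ACCEPT'

# Constructed sample: same firewall plus a narrow allow for bridged frames,
# an alternative to setting the policy to ACCEPT and flushing the chain.
SAMPLE_FIXED='-P FORWARD DROP
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -s 192.0.2.0/24 -j ACCEPT'

printf 'blocked sample: '; printf '%s\n' "$SAMPLE_BLOCKED" | classify_forward
printf 'fixed sample:   '; printf '%s\n' "$SAMPLE_FIXED" | classify_forward
```

On a live Dom0, run it as root with "iptables -S FORWARD | classify_forward". Bridged frames only reach these chains when /proc/sys/net/bridge/bridge-nf-call-iptables is 1.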

