I have been reading various pages on how to set up the network for xen. Unfortunately, none of them actually have a full example config. They clearly show what the xenbr0 section should look like, but not how you should change the eth0 after mentioning:
Note! The IP configuration of the bridge device should replace the IP configuration of the underlying interface, i.e. remove the IP settings from eth0 and move them to the bridge interface. eth0 will function purely as the physical uplink from the bridge so it can't have any IP (L3) settings on it!
I have tried many configurations that all fail (after running /etc/init.d/networking restart, there is no normal network access and I can't ssh in or out).
Here is my current config:
auto lo
iface lo inet loopback

auto xenbr0
iface xenbr0 inet static
    bridge_ports eth0
    address 10.0.0.3
    netmask 255.0.0.0
    broadcast 10.255.255.255
    gateway 10.0.0.1

auto eth0
iface eth0 inet manual
Perhaps that is correct and I just need to set up some iptables forwarding rules?
I tried running the command sudo iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
but I received an error message that --physdev-is-bridged is not a recognized option.
The debug output of restarting the network gives the following output:
Reconfiguring network interfaces...
Waiting for xenbr0 to get ready (MAXWAIT is 32 seconds).
RTNETLINK answers: No such process
Failed to bring up xenbr0
ssh stop/waiting
ssh start/running, process 3775
I have checked that xenbr0 already exists because when I try to create a bridge with that name, brctl tells me it can't create as one already exists.
In the end I ended up just creating an interface and forwarding packets over it with some iptables rules, which seems to be working for me. This does NOT use the 'bridge' option that all the tutorials seem to suggest so I don't know if there is a fatal flaw?
You need to edit /etc/sysctl.conf and uncomment the following line:
Then you need to create a script to edit iptables to forward packets:
Then you need to make sure that the script is called by the rc.local file:
Add the following line:
Then reboot to make all the settings take effect.
As you may notice, I set it so that the virtual machines use a 192.168.2.x address subnet whilst the outside lan is on 10.x.x.x, which is probably different from what most people will want so you will have to edit these to your own personal needs.
Update
Later I realized that a lack of bridging meant that I couldn't access my virtual machines from outside the network (i.e. I couldn't directly ssh into them from home, or run a website off of them etc).
Using a network configuration like so worked:
(copied from here)
I'm guessing those extra bridge options made it work, or maybe the order in which the interfaces were listed in the file (eth0 before the bridge this time)
Define eth0 first, without setting a gateway and IP. (Otherwise you will have "RTNETLINK answers: File exists" errors when the system attempts to create a route for the interface, since the bridge will attempt to create a route with the same priority and gateway and it's not smart enough to realize that they're identical anyways.)
Alternatively, your bridge can use DHCP:
When done, reboot. Otherwise, since you have been changing eth0 but not setting a new IP, your bridge may not come up properly, even if you use the ifup command/restart networking. This is because eth0 can accidentally keep its IP address.

Finally, configure your guest OS's network interfaces as if it were any other physical host on your network. (With example 1, you could use 192.168.1.11.) At this point, other devices on your network should be able to reach the guest.
No iptables or IP forwarding (sysctl.conf) is necessary. STP is needed only if your network supports STP and you need to avoid Layer 2 network loops, and you don't want to handle that manually. (i.e. Small networks won't need bridge_stp, bridge_fd or bridge_maxwait.)
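The advice in the answer above (the bridge port is defined first, uses method manual and carries no IP settings) can be checked before restarting networking. The following is an added example, not part of the original posts: a small linter for /etc/network/interfaces text. The br0 name and the 192.168.1.x addresses in the sample are constructed, and the function names are hypothetical.

```python
L3_KEYS = {"address", "netmask", "broadcast", "gateway"}

def parse_interfaces(text):
    """Map each iface name to its method, options and position in the file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = {"method": words[3], "opts": {}, "order": len(stanzas)}
            stanzas[words[1]] = current
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords end the previous iface stanza
        elif current is not None:
            current["opts"][words[0]] = " ".join(words[1:])
    return stanzas

def lint_bridges(text):
    """Return findings for bridge ports that keep L3 settings or follow the bridge."""
    stanzas, findings = parse_interfaces(text), []
    for bridge, st in stanzas.items():
        for port in st["opts"].get("bridge_ports", "").split():
            p = stanzas.get(port)
            if p is None:  # "none"/"all", or a port without its own stanza
                continue
            if p["method"] != "manual":
                findings.append(f"{port}: method '{p['method']}' should be 'manual'")
            for key in sorted(L3_KEYS & set(p["opts"])):
                findings.append(f"{port}: remove '{key}' (belongs on {bridge})")
            if p["order"] > st["order"]:  # ordering advice taken from the answer
                findings.append(f"{port}: defined after {bridge}")
    return findings

# Constructed sample: eth0 still carries the host's IP settings.
BAD = """\
auto br0
iface br0 inet dhcp
    bridge_ports eth0
auto eth0
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
"""

if __name__ == "__main__":
    print("\n".join(lint_bridges(BAD)))
```

Run against the configuration posted in the question, it reports only the ordering finding, since eth0 there is already manual with no IP settings.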