Question

5

How do I set up a xen bridge?

rated 0 times [ 5] [ 0] / answers: 1 / hits: 20630 / 3 Years ago, thu, june 10, 2021, 4:49:27

I have been reading various pages on how to set up the network for xen. Unfortunately, none of them actually have a full example config. They clearly show what the xenbr0 section should look like, but not how you should change the eth0 after mentioning:

Note! The IP configuration of the bridge device should replace the IP configuration of the underlying interface, i.e. remove the IP settings from eth0 and move them to the bridge interface. eth0 will function purely as the physical uplink from the bridge so it can't have any IP (L3) settings on it!

I have tried many configurations that all fail (after running /etc/init.d/networking restart, there is no normal netowork access and can't ssh in or out).

Here is my current config:

auto lo

iface lo inet loopback



auto xenbr0

iface xenbr0 inet static

    bridge_ports eth0

    address 10.0.0.3

    netmask 255.0.0.0

    broadcast 10.255.255.255

    gateway 10.0.0.1



auto eth0

iface eth0 inet manual

Perhaps that is correct and I just need to set up some iptables forwarding rules?
I tried running the command sudo iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT but I recieved an error message that --physdev-is-bridged is not a recognized option.

The debug output of restarting the network gives the following output:

Reconfiguring network interfaces...

Waiting for xenbr0 to get ready (MAXWAIT is 32 seconds).

RTNETLINK answers: No such process

Failed to bring up xenbr0

ssh stop/waiting

ssh start/running, process 3775

I have checked that xenbr0 already exists because when I try to create a bridge with that name, brctl tells me it can't create as one already exists.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

antebrow

Add To Favorites

Follow

Total Points: 291

Total Questions: 135

Total Answers: 117

Location: New Caledonia

Member since Thu, Mar 23, 2023

1 Year ago

antebrow questions

1 How can I copy files from many subdirectories to another directory while preserving directory structure?

Tue, Nov 2, 21, 08:21, 3 Years ago

1 Where can I find what controls the behavior of Ctrl + Alt + Backspace?

Fri, Oct 28, 22, 20:06, 2 Years ago

1 Really high kernel boot time

Fri, May 14, 21, 04:02, 3 Years ago

1 Can't install GeoDa in Ubuntu 21.04

Sat, May 14, 22, 14:51, 2 Years ago

1 Ubuntu using llvmpipe (LLVM 11.0.0, 256 bits) as graphics

Tue, May 3, 22, 21:43, 2 Years ago

View All

answered 3 Years ago avilyexplor · Accepted Answer

In the end I ended up just creating an interface and forwarding packets over it with some iptables rules, which seems to be working for me. This does NOT use the 'bridge' option that all the tutorials seem to suggest so I don't know if there is a fatal flaw?

auto lo

iface lo inet loopback





auto xenbr0

iface xenbr0 inet static

        bridge_ports none

        address 192.168.2.1

        netmask 255.255.255.0

        network 192.168.2.0

        broadcast 192.168.2.255

        gateway 10.0.0.3





# The primary network interface

auto eth0

iface eth0 inet static

        address 10.0.0.3

        netmask 255.0.0.0

        network 10.0.0.0

        broadcast 10.255.255.255

        gateway 10.0.0.1

        # dns-* options are implemented by the resolvconf package, if installed

        dns-nameservers 8.8.8.8

You need to edit /etc/sysctl.conf and and uncomment the following line:

net.ipv4.ip_forward=1

Then you need to create a script to edit iptables to forward packets:

sudo /sbin/iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

sudo /sbin/iptables --append FORWARD --in-interface xenbr0 -j ACCEPT

return 0

Then you need to make sure that the script is called by the rc.local file:

sudo vi /etc/rc.local

Add the following line:

/bin/sh <path-to-script-you-just-created-here>

Then reboot to make all the settings take effect.

As you may notice, I set it so that the virtual machines use a 192.168.2.x address subnet whilst the outside lan is on 10.x.x.x, which is probably different from what most people will want so you will have to edit these to your own personal needs.

Update

Later I realized that a lack of bridging meant that I couldnt access my virtual machines from outside the network (i.e. I couldn't directly ssh into them from home, or run a website off of them etc)

Using a network configuration like so worked:

# The loopback network interface

auto lo

iface lo inet loopback



auto eth0

iface eth0 inet manual



auto xenbr0

iface xenbr0 inet static

        address 23.29.115.142

        netmask 255.255.255.248

        network 23.29.115.136

        broadcast 23.29.115.143

        gateway 23.29.115.137

        bridge_ports eth0

        bridge_stp off

        bridge_fd 0

        bridge_maxwait 0

(copied from here)

I'm guessing those extra bridge options made it work, or maybe the order in which the interfaces were listed in the file (eth0 before the bridge this time)