remove the masquerading route when taking the interface down
converted to 1.6 markup
Running Xen with a typical laptop network setup requires a little extra work. Typically the Xen guests are attached via a software network bridge to one of the system's network interfaces. This does not work well when the system changes location or simply changes from the wired to the wireless network, because the guests have no idea that the host's network environment changed.
Ideally the host OS (dom0) simply takes care of routing network traffic wherever it should go, NATing traffic to the internet. This article describes how this can be achieved relatively easily.
One simple solution is to have the xen ethernet bridge completely internal to the system, and leave the outside network interfaces (both wired and wireless) free to change with whatever environment you attach them to. Simply attaching the xen ethernet bridge to a dummy network interface inside domain zero will do the trick.
Add these lines to /etc/modprobe.conf:
    alias dummy0 dummy
    options dummy numdummies=1
To configure your dummy network (with Red Hat style initscripts), create /etc/sysconfig/network-scripts/ifcfg-dummy0:
    # Dummy interface for Xen
    DEVICE=dummy0
    BOOTPROTO=none
    ONBOOT=yes
    USERCTL=no
    IPV6INIT=no
    PEERDNS=yes
    TYPE=Ethernet
    NETMASK=255.255.255.0
    IPADDR=10.1.1.1
    ARP=yes
In order to actually bind the xenbr0 ethernet bridge to dummy0, edit the network-script line in /etc/xen/xend-config.sxp:
    (network-script 'network-bridge bridge=xenbr0 netdev=dummy0')
In order to make packet forwarding and Network Address Translation (NAT) work, you can add commands like the following to your firewall startup script, or simply to rc.local:
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
You can enable packet forwarding in /etc/sysctl.conf:
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    net.ipv6.conf.default.forwarding = 1
NetworkManager can deal with random new network hardware (e.g. wifi network cards or USB sticks) being plugged into the system, but this does add the complexity of unpredictable network interface names. Luckily the NetworkManagerDispatcher daemon will call every script in /etc/NetworkManager/dispatcher.d/ each time an interface is brought up or taken down, passing it the interface name and the event.
The following script (let's call it /etc/NetworkManager/dispatcher.d/xenNAT) should work.
    #!/bin/sh
    # /etc/NetworkManager/dispatcher.d/xenNAT
    #
    # Bring up iptables NAT for our Xen guests if a new network interface is
    # brought up, and remove the masquerading rule again when it goes down.
    #
    # The script is invoked by NetworkManagerDispatcher, like this:
    #   xenNAT <interface> <up/down>
    INTERFACE=$1
    UPDOWN=$2
    if [ "$UPDOWN" = 'up' ] ; then
        /sbin/iptables -t nat -A POSTROUTING -o "$INTERFACE" -j MASQUERADE
    elif [ "$UPDOWN" = 'down' ] ; then
        # -D must repeat the rule exactly as it was added
        /sbin/iptables -t nat -D POSTROUTING -o "$INTERFACE" -j MASQUERADE
    fi
Note that this script is untested because the author has no system with Xen and wifi networking. If you have verified that the script works, or have improvements, please edit this page.
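A more defensive variant of the dispatcher script above, added here as an example rather than the page's own script: it scopes the MASQUERADE rule to the 10.1.1.0/24 guest subnet, never treats the bridge, dummy0, loopback or guest vif devices as NAT egress, adds rules idempotently and reacts only to up/down events. It assumes an iptables that supports the -C (check) flag; IPTABLES can be overridden for dry runs.

```shell
#!/bin/sh
# Hardened xenNAT dispatcher script: added example, not the page's own script.
# Assumes the 10.1.1.0/24 guest subnet configured above and an iptables that
# supports -C (rule check). IPTABLES can be overridden for dry runs.
IPTABLES=${IPTABLES:-/sbin/iptables}
GUEST_NET=10.1.1.0/24

# Map a NetworkManager event to "add", "delete" or "ignore". The bridge, the
# dummy interface, loopback and guest vif devices are never NAT egress, and
# events other than up/down (vpn-up, dhcp4-change, ...) are left alone.
nat_action() {
    case "$1" in
        lo|dummy*|xenbr*|vif*|peth*) echo ignore; return ;;
    esac
    case "$2" in
        up)   echo add ;;
        down) echo delete ;;
        *)    echo ignore ;;
    esac
}

# Rule body shared by check/add/delete; -s limits NAT to the guest subnet.
nat_rule() {
    echo "POSTROUTING -s $GUEST_NET -o $1 -j MASQUERADE"
}

# Apply the decision. Adding is idempotent (no duplicate rules on repeated
# "up" events); deleting a rule that is absent is not an error.
# Prints the action taken: add, skip, delete, fail or ignore.
handle_event() {
    rule=$(nat_rule "$1")
    case "$(nat_action "$1" "$2")" in
        add)
            if $IPTABLES -t nat -C $rule 2>/dev/null; then
                echo skip
            elif $IPTABLES -t nat -A $rule; then
                echo add
            else
                echo fail
            fi ;;
        delete)
            $IPTABLES -t nat -D $rule 2>/dev/null || true
            echo delete ;;
        *)  echo ignore ;;
    esac
}

if [ -n "$1" ] && [ -n "$2" ]; then
    handle_event "$1" "$2"
fi
```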
Inside the guest
Since we do not have DHCP set up yet on our dummy network, for now it is easiest to simply configure your Xen guests with static IP addresses on the same subnet as your domain 0 dummy0 interface (10.1.1.0/24). You can edit /etc/sysconfig/networking inside the guest to look like this:
    NETWORKING=yes
    HOSTNAME=localhost.localdomain
    GATEWAY=10.1.1.1
    IPADDR=10.1.1.10
    NETMASK=255.255.255.0
To be written. How exactly do we set up a DNS proxy for the guests?