Xen machine can see others on subnet but not gateway
EDIT: solved
It appears that switching static MAC definitions combined with mapping vif/0 and vif/0 statically to eth0 and eth1 (in domU, as per http://tomclegg.net/xen-eth0-renamed) did it.
I'm troubleshooting this strange issue (well, for me at least) on my xen domU.
Here's the basic layout:
    --------    -------------
    |      |    | XEN d0    |
    |  A   |    | --------- |
    |      |    | | xen dU| |
    --------    -------------
Host A is unrelated machine with IP 213.226.13x.yyy/24
XEN d0 is the hypervisor with IP 213.226.13x.zzz/24
XEN dU is the guest OS (debian etch) I'm trying to configure to see the gateway, it has IP 213.226.13x.jjj/24
The gateway is 213.226.13x.1.
All machines are on the same subnet. The problem is that the guest OS can't ping the gateway, but can ping dom0 and host A no problem.
dom0 and host A can ping each other, the gateway and guest.
Things I've tried on host A:
ARP ping
    $ arping -c 1 -i eth0 213.226.13x.1
    ARPING 213.226.13x.1
    60 bytes from 00:02:b3:e8:30:7e (213.226.13x.1): index=0 time=224.113 usec
    ...
(strangely, arping -c 1 -i eth0 00:02:b3:e8:30:7e does not work).
Broadcast ping
    $ ping -b 213.226.13x.255
    WARNING: pinging broadcast address
    PING 213.226.13x.255 (213.226.13x.255) 56(84) bytes of data.
    64 bytes from 213.226.13x.18: icmp_seq=1 ttl=64 time=0.463 ms
    64 bytes from 213.226.13x.28: icmp_seq=1 ttl=64 time=0.478 ms (DUP!)
    ...
Same stuff on xen guest doesn't return any results (both, arping and ping -b).
$ iptables -L output on both, host A and xen guest is the same (zero rules):
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
Things I've ruled out as of this time:
- damaged physical link - XEN dom0 wouldn't work also, which is not the case.
- firewall on gateway - my ARP pings would still get through?
- firewall on xen guest - iptables -L has no rules
- routing issue - not sure about this one, but I wouldn't be able to ping host A and dom0 with messed up routing table, would I?
Any help is very much appreciated
EDIT1: additional info
I'm not using xen's bridging scripts, network-dummy instead with manually created br-eth1 for eth1 which is the interface for the local network. eth0 is the bridge created by XEN installation for eth0 interface (renamed to peth0 AFAIK).
Here's what /etc/network/interfaces looks like on dom0:

    # The loopback network interface
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 213.226.13x.zzz
        netmask 255.255.255.0
        gateway 213.226.13x.1

    auto eth1
    iface eth1 inet manual

    auto br-eth1
    iface br-eth1 inet static
        address 192.168.1.11
        netmask 255.255.255.0
And "brctl show" (with domU being off):

    bridge name     bridge id               STP enabled     interfaces
    br-eth1         8000.000423d0d059       no              eth1
    eth0            8000.000423d0d058       no              peth0
EDIT2: additional info
XEN config for domU:
    #
    # Bootloader + kernel + memory size
    #
    bootloader = '/usr/lib/xen-3.2-1/bin/pygrub'
    kernel     = '/boot/vmlinuz-2.6.18-5-xen-686'
    ramdisk    = '/boot/initrd.img-2.6.18-5-xen-686'
    memory     = '3072'
    vcpus      = '4'

    #
    # Disk device(s).
    #
    root = '/dev/sda1 ro'
    disk = [
        'phy:/dev/vg_main/domain-disk,sda1,w',
        'phy:/dev/vg_main/domain-swap,sda2,w',
    ]

    #
    # Hostname
    #
    name = '...'

    #
    # Networking
    #
    vif = [
        'ip=213.226.13x.jjj,mac=00:16:3E:83:0B:BC,bridge=eth0',
        'ip=192.168.1.12,mac=00:16:3E:83:0B:AC,bridge=br-eth1',
    ]

    #
    # Behaviour
    #
    on_poweroff = 'destroy'
    on_reboot   = 'restart'
    on_crash    = 'restart'
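The fix reported in the EDIT at the top pins MACs and interface names, so a quick way to verify that state is to cross-check the `vif` list against what the guest sees. The script below is an added example, not part of the original post: `check_guest` and the guest tables are hypothetical and constructed (they are not the asker's actual state), and it assumes `ip=` in a vif entry is the address meant for that interface.

```python
# Added example: cross-check a Xen domU "vif" list against the guest's own view.
# VIFS is copied from the domU config on this page (addresses masked as posted).
VIFS = [
    'ip=213.226.13x.jjj,mac=00:16:3E:83:0B:BC,bridge=eth0',
    'ip=192.168.1.12,mac=00:16:3E:83:0B:AC,bridge=br-eth1',
]

def parse_vifs(vifs):
    """Turn each 'k=v,k=v' vif string into a dict; MACs are lower-cased."""
    parsed = []
    for spec in vifs:
        entry = dict(item.split('=', 1) for item in spec.split(','))
        entry['mac'] = entry.get('mac', '').lower()
        parsed.append(entry)
    return parsed

def check_guest(vifs, guest_macs, guest_addrs):
    """Return a list of findings (empty list means consistent).

    guest_macs:  interface name -> MAC as seen inside the domU
    guest_addrs: interface name -> address configured inside the domU
    """
    findings = []
    by_mac = {}
    for v in parse_vifs(vifs):
        if not v['mac']:
            findings.append(f"vif on bridge {v.get('bridge')} has no static MAC")
        elif v['mac'] in by_mac:
            findings.append(f"duplicate MAC {v['mac']} in vif list")
        else:
            by_mac[v['mac']] = v
    for name, mac in sorted(guest_macs.items()):
        vif = by_mac.get(mac.lower())
        if vif is None:
            findings.append(f"{name}: MAC {mac} matches no vif entry")
        elif guest_addrs.get(name) != vif.get('ip'):
            findings.append(
                f"{name}: configured {guest_addrs.get(name)} but its vif "
                f"(bridge {vif.get('bridge')}) expects {vif.get('ip')}")
    return findings

# Constructed guest state: the two NICs came up in swapped order.
SWAPPED_MACS = {'eth0': '00:16:3e:83:0b:ac', 'eth1': '00:16:3e:83:0b:bc'}
GUEST_ADDRS = {'eth0': '213.226.13x.jjj', 'eth1': '192.168.1.12'}

if __name__ == '__main__':
    for line in check_guest(VIFS, SWAPPED_MACS, GUEST_ADDRS):
        print(line)
```
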
Solution 1:
- Show your xen bridge/route script (that actually provides network for domU).
- What's the difference in tcpdump output on dom0 external interface when you ping host A and gateway from domU?