Wired Network Bridging for Xen
- Date: Sat, 17 Jun 2017 21:35:39 -0700 (PDT)
- From: ray <ray@xxxxxxxxx>
- Subject: Wired Network Bridging for Xen
I am trying to get Xen 4.9 and Debian 9 up on a Toshiba laptop with only a wireless connection. I am trying to use:
This laptop will be a personal workstation implementing a variety of VMs and OSes. My internet connection is a wireless connection to a JetPack 4G AP and various public/private wireless APs. In the future, I expect to have an additional wired connection to a router that will eventually reach the Internet with a tethered wireless connection to the JetPack (to share the connection with other devices).
My /etc/network/interfaces is:
# The loopback network interface
#auto lo xenbr0
iface lo inet loopback
#iface usb0 inet manual
iface wlp2s0 inet manual
iface xenbr0 inet dhcp
#bridge_ports wlan0 usb0
pre-up iwconfig wlan0 essid [myssid]
bridge_stp off # disable spanning tree protocol
bridge_waitport 0 # no delay before a port becomes available
bridge_fd 0 # no forwarding delay
#bridge_ports none # if you do not want to bind to any ports
#Bridge_ports regex eth* # use a regular expression to define ports
# To restart the service after update:
# /etc/init.d/procps restart
One of my challenges is that bridging to a wireless NIC requires 4addr. The code is:
iw dev wlan0 set 4addr on
but I don't know where or how to put this so it gets executed at the correct time.
I am not sure how to implement setting the ebtables rules. Example 1:
# ebtables -t nat -A POSTROUTING -o wlan0 -j snat --to-src $MAC_OF_BRIDGE --snat-arp --snat-target ACCEPT
Is the bridge MAC supposed to be the wireless NIC MAC? As it is not a physical device, I'm not sure what this means.
I question this because the page goes on to say:
The next rules will require you to know the MAC and IP of each of the machines behind your bridge. Replace $MAC and $IP with these.
# ebtables -t nat -A PREROUTING -p IPv4 -i wlan0 --ip-dst $IP -j dnat --to-dst $MAC --dnat-target ACCEPT
# ebtables -t nat -A PREROUTING -p ARP -i wlan0 --arp-ip-dst $IP -j dnat --to-dst $MAC --dnat-target ACCEPT
These seem to be the VMs since it says 'behind your bridge'. As I expect to create/bring up these on the fly, it seems it would be appropriate to use DHCP and I won't know the IPs; and I don't see how to assign the MACs, and I don't see how to invoke DHCP.
The page goes on to describe how to save the rules and then invoke them at boot up. Is this method reliable (always/usually functional) and are there any concerns?
The page finishes off with an example of "Link Aggregation (LACP) with VLANs". The example /etc/network/interfaces does not show any of the content in interfaces that was previously described. Thus I cannot tell how to use it or if it is necessary.
I appreciate all input.
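An added example (not code from ray's post, Debian or Xen) of one place the 4addr command and the SNAT rule can be executed at the right time: a single ifupdown hook script keyed on the IFACE and PHASE variables that ifupdown exports to hook scripts. Assumed: the bridge is xenbr0 and the wireless port is wlan0 as in the post, and the script is installed under a hypothetical name such as 0xen-wifi in both /etc/network/if-pre-up.d/ and /etc/network/if-up.d/, so that run-parts sorts it before the bridge-utils "bridge" hook.

```shell
#!/bin/sh
# Added example, not from the original post: one ifupdown hook script,
# installed in both /etc/network/if-pre-up.d/ and /etc/network/if-up.d/
# under a name such as 0xen-wifi (hypothetical), so that it sorts before
# the bridge-utils "bridge" hook. ifupdown exports IFACE and PHASE to hooks.
BRIDGE="${BRIDGE:-xenbr0}"        # bridge name from the post
WIFI_PORT="${WIFI_PORT:-wlan0}"   # wireless port name used in the post

# Text of the ebtables POSTROUTING SNAT rule from the post, built for a
# given port and MAC so it can be inspected without running ebtables.
snat_rule() {
    printf '%s' "-t nat -A POSTROUTING -o $1 -j snat --to-src $2 --snat-arp --snat-target ACCEPT"
}

# Accept only a lower-case colon-separated MAC so a bad value never reaches ebtables.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# MAC the kernel assigned to a device (empty if the device does not exist).
dev_mac() {
    cat "/sys/class/net/$1/address" 2>/dev/null
}

run_hook() {
    [ "$IFACE" = "$BRIDGE" ] || return 0   # only act for the bridge itself
    case "$PHASE" in
    pre-up)
        # 4addr must be on before the "bridge" hook attaches the port.
        iw dev "$WIFI_PORT" set 4addr on ;;
    post-up)
        # The bridge exists and has its ports attached now, so read its MAC.
        mac=$(dev_mac "$BRIDGE")
        valid_mac "$mac" || { echo "$0: no MAC for $BRIDGE" >&2; return 1; }
        # shellcheck disable=SC2046  # word splitting of the rule is intended
        ebtables $(snat_rule "$WIFI_PORT" "$mac") ;;
    esac
}

if [ -n "$IFACE" ]; then run_hook; fi
```

The per-VM DNAT rules from the post are not handled here, since they need each VM's IP, which a bridge hook does not know when guests get their addresses by DHCP.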