When using Xen in SUSE Linux Enterprise Server 10, the default network configuration is BRIDGE networking. Every virtual OS (domU) will have a unique IP in the same range as that of the physical network card. For example, if the physical network card (eth0) has an IP of 192.168.0.10, each domU will have an IP address in the range of 192.168.0.X. This means that the host OS (dom0) AND, more importantly, other machines on the network will be able to ping each domU, as it appears to be another machine on the network with an IP.
What if you want to set up a private network for a set of virtual machines running on dom0? What if you want this private network to still be able to access the WWW (when available)? I found myself in this predicament as I have a set of virtual machines (Windows, SLES, SLED etc) running on my Thinkpad T61p. The nature of my [mobile] work is such that there isn't always a LAN cable or a wifi connection readily available. Regardless of my network environment, I need to perform testing and demonstration of software running on these virtual machines. Thus, I need a flexible setup with private networking for my domUs with Network Address Translation (NAT) for accessing the WWW when a physical LAN or Wifi becomes available.
Thanks to Till and Kai, my new German connections, the following is how I did it on SLED 10 SP2* ...
* - Note that official production support for Xen is for SLES only. I'm using SLED as a development & testing desktop and the following steps will work on SLES as well.
Attention: Linux commands in brackets [ ] are executed as root
1) Stop the Xen daemon with [ rcxend stop ]
2) Remove the default bridge networking by editing the config file /etc/xen/xend-config.sxp. Look for the following 2 lines and comment them out with hashes ##:

    (network-script network-bridge)
    (vif-script vif-bridge)

becomes

    ##(network-script network-bridge)
    ##(vif-script vif-bridge)

3) Setting up the bridge to physical network (eg eth0)
Create a network bridge br0 to the physical network device (ie eth0) by creating the file /etc/sysconfig/network/ifcfg-br0 with the following contents:

    BRIDGE='yes'
    STARTMODE='onboot'
    BRIDGE_PORTS='eth0'
    BOOTPROTO='dhcp'
    BROADCAST=''

For br0 to work, it has to have the IP address. Therefore, change the physical network device (ie eth0) to not start the DHCP client routine by editing the /etc/sysconfig/network/ifcfg-eth-id-xxx file with the following setting:

    BOOTPROTO='none'

4) Setting up a private network (eg. 192.168.1.x)
Create a private network bridge br1 by creating the file /etc/sysconfig/network/ifcfg-br1 with the following contents:

    BRIDGE='yes'
    STARTMODE='onboot'
    IPADDR='192.168.1.1'
    NETMASK='255.255.255.0'

5) Changing the firewall settings for br0 and br1.
Change the firewall to allow network traffic for br0 and br1 as an external and internal network device respectively. Edit the file /etc/sysconfig/SuSEfirewall2 and change the following settings as shown below:

    FW_DEV_EXT="br0"
    FW_DEV_INT="br1"
    FW_ROUTE="yes"
    FW_MASQUERADE="yes"

6) Restart networking and start Xen daemon
Execute the following in order:
[ SuSEconfig ]
[ rcnetwork restart ]
[ rcxend start ]
7) Edit each domU's config in the /etc/xen/vm directory to include ,bridge=br1 as follows:

From:

    vif=[ 'mac=00:16:3e:75:06:c3,model=rtl8139,type=ioemu', ]

To:

    vif=[ 'mac=00:16:3e:75:06:c3,model=rtl8139,type=ioemu,bridge=br1', ]

Refresh this change for each domU via:
[ xm delete domUName ]
[ xm new domUName ]
8) Boot up your virtual machines (domUs) and set up an IP address in the range of 192.168.1.xxx. Remember to set the default gateway to 192.168.1.1.
For Windows VMs: Control Panel, Network Connections, from network device, right-click properties, double-click Internet Protocol (TCP/IP), set a unique fixed IP within the range of 192.168.1.[2-254], subnet mask to 255.255.255.0 and your Default gateway to 192.168.1.1. Click OK and OK again to effect the change.
For SLES VMs (Linux): setting IP to 192.168.1.10 in example below:
[ ip addr add 192.168.1.10/24 dev eth0 ]
[ ip link set eth0 up ]
[ ip route add default via 192.168.1.1 ]
You should now be able to ping all your virtual machines (domUs) from dom0 and vice versa.
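The private network only stays private if every domU vif is attached to br1 and the firewall settings from step 5 are the ones in effect. The script below is an added example, not part of the original procedure, that audits both; the function names are hypothetical and the sample files are constructed stand-ins for /etc/sysconfig/SuSEfirewall2 and /etc/xen/vm.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the effective value of KEY: the last uncommented KEY="value" line wins.
sysconfig_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Report every step 5 setting that differs from the post; status 1 if any do.
check_firewall() {  # $1 = SuSEfirewall2 file
    rc=0
    for want in FW_DEV_EXT=br0 FW_DEV_INT=br1 FW_ROUTE=yes FW_MASQUERADE=yes; do
        key=${want%%=*}; val=${want#*=}
        got=$(sysconfig_get "$1" "$key")
        [ "$got" = "$val" ] || { echo "$key is '$got', expected '$val'"; rc=1; }
    done
    return $rc
}

# Print each domU config that has a vif entry without bridge=<name> (step 7).
# Assumes the vif list sits on one line, as in the post.
domus_off_bridge() {  # $1 = config directory, $2 = bridge name
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v br="bridge=$2" '
            /^[ \t]*vif[ \t]*=/ {
                gsub(/"/, "\047")                 # treat both quote styles alike
                n = split($0, part, "\047")       # even fields are the quoted vif specs
                for (i = 2; i <= n; i += 2) {
                    gsub(/[ \t]/, "", part[i])
                    ok = 0
                    m = split(part[i], opt, ",")
                    for (j = 1; j <= m; j++) if (opt[j] == br) ok = 1
                    if (!ok) bad = 1
                }
            }
            END { exit bad + 0 }' "$f" || basename "$f"
    done
}

# Constructed sample files standing in for /etc/sysconfig/SuSEfirewall2 and /etc/xen/vm.
demo=$(mktemp -d)
mkdir "$demo/vm"
printf '%s\n' 'FW_DEV_EXT="br0"' 'FW_DEV_INT="br1"' 'FW_ROUTE="yes"' \
    '#FW_MASQUERADE="yes"' 'FW_MASQUERADE="no"' > "$demo/fw"
printf "vif=[ 'mac=00:16:3e:75:06:c3,model=rtl8139,type=ioemu,bridge=br1', ]\n" > "$demo/vm/sles10"
printf "vif=[ 'mac=00:16:3e:00:00:01,model=rtl8139,type=ioemu', ]\n" > "$demo/vm/winxp"
check_firewall "$demo/fw" || true    # prints: FW_MASQUERADE is 'no', expected 'yes'
domus_off_bridge "$demo/vm" br1      # prints: winxp
```

To audit a real dom0, call the two functions as root with /etc/sysconfig/SuSEfirewall2 and /etc/xen/vm in place of the sample paths.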
Have fun!