How to get network going
------------------------

Right now xenner supports only one mode for networking, and that one
is bridging.  It doesn't do any of the bridging setup though.  Thus
networking needs some setup, it does NOT "just work" out of the box.

When using libvirt it should be easy, as libvirt will handle all the
bridging and network setup and management part for you and you can
stop reading now ;)

xenner's -network command line switch takes a MAC address and a
bridge interface.  xenner will then create a tap device.  The tap
device is hooked into the bridge and connected to the virtual nic of
the guest.

What needs to be done is setting up the bridge device in advance.

You can hook the physical host nic into that bridge.  This is what Xen
does by default and it makes the guests show up on the host's network.

You can also keep the bridge separate.  This is what I am doing, setup
is described below.  The main advantage is that it works better with a
notebook which can connect to the network using different interfaces.
Even when unconnected the guests can at least talk to other guests and
the host.


My Fedora setup
---------------

This file creates the bridge device at boot time and configures it for
the 172.31.6.0/24 network.

----- /etc/sysconfig/networking/devices/ifcfg-br0 -----
DEVICE=br0
TYPE=Bridge
#MACADDR=00:00:11:22:33:44
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=172.31.6.1
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=no
----- cut here -----

If you don't want to assign static IP addresses to your guests you can
set up a dhcp server like this:

----- /etc/sysconfig/dhcpd -----
# Command line options here
DHCPDARGS="br0"
----- cut here -----

----- /etc/dhcpd.conf -----
ddns-update-style none;
ignore client-updates;

subnet 172.31.6.0 netmask 255.255.255.0 {
        option routers                  172.31.6.1;
        option subnet-mask              255.255.255.0;

        option domain-name              "travel.kraxel.org";
        option domain-name-servers      172.31.6.1;

        range dynamic-bootp 172.31.6.128 172.31.6.254;
        default-lease-time 600;
        max-lease-time 3600;

        # tftp
        next-server 172.31.6.1;
        filename "pxelinux.0";
}
----- cut here -----

I also have a local named running, so the host can act as domain name
server too (as indicated by the dhcpd config).  You might want to try
dnsmasq instead of a full-featured named and dhcpd setup.

If you want to allow your guests to talk to the outside world (assuming
the host has a connection of course) you have to enable ip forwarding
(in /etc/sysctl.conf) and set up some firewall rules.

Here is my iptables script (called from /etc/rc.d/rc.local):

----- /root/bin/vnet-fw -----
#!/bin/sh

# bridge interface(s) to handle, defaults to br0
INTERFACES="${1-br0}"

###############################################################
# init

# setup queues (user-defined chains).  -N fails when the chain
# already exists, so the jump is inserted on the first run only.
iptables -t filter -N vnet-filter-in && iptables -t filter -I INPUT       -j vnet-filter-in
iptables -t filter -N vnet-filter-fw && iptables -t filter -I FORWARD     -j vnet-filter-fw
iptables -t mangle -N vnet-mangle-fw && iptables -t mangle -I FORWARD     -j vnet-mangle-fw
iptables -t nat    -N vnet-nat       && iptables -t nat    -I POSTROUTING -j vnet-nat

# flush queues
iptables -t filter -F vnet-filter-in
iptables -t filter -F vnet-filter-fw
iptables -t mangle -F vnet-mangle-fw
iptables -t nat    -F vnet-nat

###############################################################
# setup rules

for if in $INTERFACES; do
        # guests may talk to the host itself
        iptables -t filter -A vnet-filter-in -i ${if} -j ACCEPT
        # replies to connections opened by the guests
        iptables -t filter -A vnet-filter-fw -o ${if} \
                -m state --state ESTABLISHED,RELATED -j ACCEPT
        # mark icmp and tcp coming from the guests; other protocols
        # (udp for example) are not matched by the rules below
        iptables -t mangle -A vnet-mangle-fw -i ${if} -p icmp -j MARK --set-mark 1
        iptables -t mangle -A vnet-mangle-fw -i ${if} -p tcp  -j MARK --set-mark 1
done

# marked traffic: clamp the tcp mss, log new tcp connections,
# accept for forwarding and masquerade on the way out
iptables -t mangle -A vnet-mangle-fw -m mark --mark 1 -p tcp \
        --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t filter -A vnet-filter-fw -m mark --mark 1 -p tcp \
        --tcp-flags SYN,RST SYN -j LOG --log-prefix "vnet-fw-tcp: "
iptables -t filter -A vnet-filter-fw -m mark --mark 1 -j ACCEPT
iptables -t nat    -A vnet-nat       -m mark --mark 1 -j MASQUERADE
----- cut here -----

HTH,
  Gerd
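
For the dnsmasq alternative mentioned above, here is an added example that is not part of the original README: a dnsmasq configuration constructed from the dhcpd.conf values shown earlier, bound to the guest bridge only so the host never answers DHCP on its physical network. The file path is an assumption, and max-lease-time has no dnsmasq counterpart (dnsmasq uses one lease time per range).

```conf
# /etc/dnsmasq.conf  (assumed path; example constructed from the
# dhcpd.conf values on this page, not the author's own config)

# Serve DHCP and DNS on the guest bridge only, like DHCPDARGS="br0".
# bind-interfaces makes dnsmasq bind to br0's address instead of the
# wildcard address, so it is not reachable via other host interfaces.
interface=br0
bind-interfaces

# Dynamic pool with netmask and lease time
# (dhcpd: range 172.31.6.128 172.31.6.254, default-lease-time 600).
dhcp-range=172.31.6.128,172.31.6.254,255.255.255.0,10m

# dhcpd "range dynamic-bootp" also hands addresses to BOOTP clients.
# dnsmasq does that only with the line below; BOOTP leases never
# expire, so leave it off unless a guest needs it.
#bootp-dynamic

# Gateway and name server handed to the guests
# (dhcpd: option routers / option domain-name-servers).
dhcp-option=option:router,172.31.6.1
dhcp-option=option:dns-server,172.31.6.1

# Domain name (dhcpd: option domain-name).
domain=travel.kraxel.org

# PXE boot (dhcpd: filename "pxelinux.0", next-server 172.31.6.1).
dhcp-boot=pxelinux.0,,172.31.6.1
```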