Hey everyone,

So I'm having a few problems with XenServer 5.6 that have been driving me up the wall the past week and a half.

First and foremost, what I am trying to do, is give a public IP to a guest system and allow traffic into its services (It's running Kerio Connect). Here's a rundown of how I have things set up so far:

The XenServer host machine has two NICs, with one of those facilitating the management interface, which is on the 10.0.0.0/24 internal network. The other NIC is going straight out to a public 45Mbit fibre line, no firewalls, no routers, just a direct connection. On this public interface, we have an assigned /24 block of IPs in the range 216.123.169.0/24

Now, given that we know exactly what IPs on that block we are currently using, let's say I assign my guest system an IP of 216.123.169.52. Now let's say this is a Debian guest, the /etc/network/interfaces file on that guest reads as follows:

auto eth0
iface eth0 inet static
address 10.0.0.106
netmask 255.255.255.0
gateway 10.0.0.15

auto eth1
iface eth1 inet static
address 216.123.169.52
netmask 255.255.255.0
gateway 216.123.169.1

However, I cannot ping out from eth1 (the public interface) on the guest, nor can I ping inward TO the guest's public IP.

Also, since I forgot to mention earlier, eth0 on the guest is pointing at the private interface on the host, and eth1 is on the public interface. On the host as well, I cannot ping in or out on the public interface, which has been given the public IP of 216.123.169.49.

Does anyone have an idea as to what I'm doing wrong here?

What is the output of "route -n" on your host? Is the public net the default route, in general?
Also, what is the contents of your file /etc/sysconfig/network ?

the management interface has the default route on system boot. However I have tried blowing that away and replacing it with a default route leading to the public interface (ip route replace default via 216.123.169.1 dev xenbr1) and still no luck.

> However I have tried blowing that away and replacing it with a default route leading to the public interface (ip route replace default via 216.123.169.1 dev xenbr1) and still no luck.
Did you create another management interface on the public network? To communicate on a particular network, the host needs an interface set up on that network (a static route is not enough). You can create a management interface in XenCenter to do that.

Normally you probably wouldn't want a management interface on the public network, but this is just for testing. Alternatively you can use the CLI to configure a standard network interface that won't have management functions:
pif-reconfigure-ip

___
{color:#555555}Kirk Kosinski{color} !http://www.linkedin.com/favicon.ico!
{color:#999999}MCITP: EA / VA / EDA7, VCP 4, CCA{color}

Yeah I did try that at one point. In XenCenter I set up the public interface as a second management interface. Still no luck.

If you setup a management interface on the NIC connected to your public network with the correct network settings, and you still could not ping anything on that network from the host, then there is a problem outside of XenServer. Check the switch configuration. For example, if that switch port has VLAN trunking enabled, verify that the native VLAN is the one connected to the public network since a management interface can only be on a native/untagged VLAN.

___
{color:#555555}Kirk Kosinski{color} !http://www.linkedin.com/favicon.ico!
{color:#999999}MCITP: EA / VA / EDA7, VCP 4, CCA{color}

There's no VLANs set up at all. The public interface on the XenServer box is going straight to our upstream router, which has no special configuration and was provided to us by our bandwidth provider.

You have two gateways setup. Change your interfaces file to this:

auto eth0
iface eth0 inet static
address 10.0.0.106
netmask 255.255.255.0
post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.0.0.15

auto eth1
iface eth1 inet static
address 216.123.169.52
netmask 255.255.255.0
gateway 216.123.169.1

Change the post-up statement to what you would like the private side to be able to hit.

On the host machine, how would I use xe to add that post-up line?

You edit the file /etc/sysconfig/interfaces file directly, then when done saving it, do a
"service network restart" to load the new configuration.
--Tobias

> On the host machine, how would I use xe to add that post-up line?
Joseph's suggestion is to do this for the VM, not the host, so you can't do it with xe+. Edit the file and run +/etc/init.d/networking restart if this VM is running Debian.

Can you confirm that you are trying to ping endpoints on the public network itself, and not just beyond it. From the guest try to ping the gateway and the host's public IP:
> ping -I eth1 216.123.169.1
> ping -I eth1 216.123.169.49

___
{color:#555555}Kirk Kosinski{color} !http://www.linkedin.com/favicon.ico!
{color:#999999}MCITP: EA / VA / EDA7, VCP 4, CCA{color}