WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Networking Help - Routed Configuration with NAT - How to get

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Networking Help - Routed Configuration with NAT - How to get Dom0 to NAT its own connections
From: Jason <jason@xxxxxxxxx>
Date: Fri, 19 Oct 2007 21:05:41 +0800 (SGT)
Delivery-date: Fri, 19 Oct 2007 06:07:01 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <15537607.141192786040048.JavaMail.root@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi,

After loads of trial and error, I have managed to get a pretty workable network 
configuration set up:

The server is allocated public ips in xxx.xxx.xxx.192/29. Dom0 is bound to 
xxx.xxx.xxx.194-198

Xend is configured to use the default network-route and vif-route scripts.

DomU is to be mail server responding on IP xxx.xxx.xxx.198

DomU network configuration is vif = [ 'ip=10.0.66.66' ]

Set up NAT:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT -s 10.0.66.66 --to 
xxx.xxx.xxx.198
iptables -t nat -A PREROUTING -i eth0 --dport 25 -j DNAT -d xxx.xxx.xxx.198 
--to 10.0.66.66

At this stage everything works great, Except for one thing:

When Dom0 tries to send mail to the DomU - i.e. connecting to 
xxx.xxx.xxx.198:25 from Dom0, it tries to connect to itself - not DomU!

So in essence it is not NATing its own connections. I figured it is because it 
is configured to listen to xxx.xxx.xxx.198 (thus skipping iptables?) - so I 
unbound it from xxx.xxx.xxx.198 and then it seemed to work fine - for a while - 
until I think the router flushes its ARP cache. So then I started to read up on 
ARP and proxy arp etc... but still am not making much headway.

I would be grateful to anybody able to shed any light / hints on this!


Jason

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>