WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] Xen4 Two-Way Routed Network & NAT

Bain, Duncan John wrote:

> Currently I have Xen running in a two-way routed network, with all DomU's having public IPs (they are also accessed by these).
>
> What I want is to also have a selection of DomU's running alongside with private IPs (192.168.0.XXX range). And then forwarding requests depending on what public IP address and port are used to these DomU's.
>
> I've created a DomU with this setup.
>
> address 192.168.0.10
> netmask 255.255.255.0
> broadcast 192.168.0.255
> gateway 192.168.0.1
>
> I've created a bridge (br1) with the IP 192.168.0.1 and I've set 'bridge=br1' in the vif section of the DomU config.
>
> From the DomU I can ping Dom0 but no other traffic makes it out at all. I also cannot ping the DomU from Dom0.
>
> I've tried adding all sorts of routes but to no avail.

OK, adding routes will not help - even if you routed your 192.168 addresses out, your ISP would drop the packets. You need to configure NAT (Masq, or Masquerade, in iptables terminology) from the 192.168 network to the public network. I can't help with doing it in Dom0 - I've only ever set up 3 systems with Masq, and that's been done with Shorewall.

What I have done a couple of times though is set up a DomU just to do the routing/nat/firewall stuff. At home I use PCI passthrough to make the outside interface native on the firewall guest, and that does all the nat and filtering before passing traffic through to the internal network.

There's nothing (AFAIK) fundamentally stopping you doing it in Dom0 though.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
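
The masquerade and per-port forwarding discussed in this thread, written as plain iptables rules for Dom0. This is an added example, not part of the original messages: `br1`, 192.168.0.0/24 and 192.168.0.10 come from the thread, while `eth0` as the public interface, the address 203.0.113.10 and the 8080 to 80 forward are assumed placeholders. The script only prints a ruleset in `iptables-restore` format and changes nothing on the host.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: eth0 is Dom0's public
# interface; 203.0.113.10 and the ports below are constructed placeholders.
PRIV_NET="192.168.0.0/24"   # private range from the thread
PRIV_BR="br1"               # Dom0 bridge from the thread (192.168.0.1)

# valid_port N: succeeds when N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nat_ruleset PUB_IF SPEC...   SPEC = pub_ip:pub_port:domu_ip:domu_port (TCP)
# Prints an iptables-restore ruleset; changes nothing on the host.
nat_ruleset() {
    pub_if=$1; shift
    dnat=""; allow=""
    for spec in "$@"; do
        IFS=: read -r pip pport dip dport extra <<EOF
$spec
EOF
        # Reject malformed specs and targets that lack the private prefix.
        if [ -n "$extra" ] || [ -z "$pip" ] || ! valid_port "$pport" || ! valid_port "$dport"; then
            echo "bad forward spec: $spec" >&2; return 1
        fi
        case "$dip" in 192.168.0.*) ;; *) echo "not in $PRIV_NET: $dip" >&2; return 1 ;; esac
        dnat="$dnat-A PREROUTING -i $pub_if -d $pip -p tcp --dport $pport -j DNAT --to-destination $dip:$dport
"
        allow="$allow-A FORWARD -i $pub_if -o $PRIV_BR -d $dip -p tcp --dport $dport -j ACCEPT
"
    done
    printf '%s\n' "*nat"
    printf '%s' "$dnat"
    # Outbound: rewrite private sources to the public interface's address.
    printf '%s\n' "-A POSTROUTING -s $PRIV_NET -o $pub_if -j MASQUERADE" "COMMIT"
    printf '%s\n' "*filter"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $PRIV_BR -s $PRIV_NET -o $pub_if -j ACCEPT"
    printf '%s' "$allow"
    # Anything else headed for the private bridge is dropped.
    printf '%s\n' "-A FORWARD -o $PRIV_BR -j DROP" "COMMIT"
}

# Constructed sample: public :8080 -> DomU 192.168.0.10:80 (address from the thread).
nat_ruleset eth0 203.0.113.10:8080:192.168.0.10:80
```

To apply the output, pipe it as root into `iptables-restore --noflush`, which appends to the existing chains, so an earlier DROP or REJECT rule in FORWARD still takes precedence. Only the listed DomU ports become reachable from outside; the rest of the private bridge stays closed to new inbound connections.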