WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

[Xen-users] Xen 3.0, setting up a virtual network with NAT

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Xen 3.0, setting up a virtual network with NAT
From: Richard Jones <rich@xxxxxxxxxxx>
Date: Fri, 3 Feb 2006 16:31:47 +0000
I've got a network set up as in the diagram below:

   domU               domU
   fake eth0          fake eth0
   192.168.99.2       192.168.99.3
       |                   |
       +-----------+-------+
                   |
               192.168.99.1
               dummy0
                * dom0 *
               real eth0
               public IP address

In /etc/xen/xend-config.sxp I've got:
 (network-script 'network-bridge netdev=dummy0')

This all works fine insofar as domU can ping dom0 and dom0 can ping
domU (i.e. ping 192.168.99.2 -> 192.168.99.1 and
ping 192.168.99.1 -> 192.168.99.2 is all OK).

If I enable routing in the kernel on dom0, then domU can try to ping
the outside world, but of course the ping packets don't return because
their source address is wrong (192.168.99.2, not public IP addr).

But if I add the following NAT rule:
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
it makes no difference!  Somehow these packets are bypassing normal
routing and so not being masqueraded, and so their source address is
not rewritten.

Has anyone got this working?

Note that I want to have a true virtual network here (not just domU
NAT) because I want the domUs to be able to talk to each other.

Rich.

-- 
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com
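
A check for the symptom described in the message above, as an added example that is not part of the original post: it compares the packet counter of the `MASQUERADE` rule before and after a test ping from a domU, which shows whether forwarded packets reach the nat `POSTROUTING` chain at all. The function names `masq_pkts` and `nat_verdict` are hypothetical, and the sample listings are constructed in the format of `iptables -t nat -L POSTROUTING -v -n -x`.

```shell
#!/bin/sh
# Added example: reads `iptables -t nat -L POSTROUTING -v -n -x` listings
# and decides whether forwarded traffic reached the MASQUERADE rule.

# Sum the packet counters of MASQUERADE rules for one outgoing interface.
# stdin: listing text; $1: interface name. Prints a number, or "norule".
masq_pkts() {
    awk -v ifc="$1" '
        $3 == "MASQUERADE" && $7 == ifc { n += $1; found = 1 }
        END { if (found) print n + 0; else print "norule" }'
}

# Compare listings taken before and after a test ping from a domU.
# nat rules only see the first packet of a connection, so one new flow
# is enough to move the counter.
# $1, $2: listing text; $3: interface. Prints norule, bypassed or matched.
nat_verdict() {
    before=$(printf '%s\n' "$1" | masq_pkts "$3")
    after=$(printf '%s\n' "$2" | masq_pkts "$3")
    if [ "$before" = norule ] || [ "$after" = norule ]; then
        echo norule
    elif [ "$after" -gt "$before" ]; then
        echo matched
    else
        echo bypassed
    fi
}

# Constructed sample listings (not captured from the poster's system).
HDR='Chain POSTROUTING (policy ACCEPT 12 packets, 816 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
SAMPLE_ZERO="$HDR
       0        0 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0"
SAMPLE_HIT="$HDR
       3      252 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0"

# Live use on dom0 (as root):
#   b=$(iptables -t nat -L POSTROUTING -v -n -x)
#   ... ping an outside host from 192.168.99.2 ...
#   a=$(iptables -t nat -L POSTROUTING -v -n -x)
#   nat_verdict "$b" "$a" eth0
nat_verdict "$SAMPLE_ZERO" "$SAMPLE_ZERO" eth0   # counter unchanged
nat_verdict "$SAMPLE_ZERO" "$SAMPLE_HIT" eth0    # counter moved
```

A `bypassed` verdict means the test traffic never matched the rule, so the next place to look is the path the packets take out of dom0 rather than the rule itself.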
