This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] Xen and kernel NAT

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Xen and kernel NAT
From: "Debunk it" <debunkers@xxxxxxxxx>
Date: Wed, 14 Nov 2007 07:52:04 -0600
Delivery-date: Wed, 14 Nov 2007 05:52:48 -0800

I'm using my dual homed server not only as a Xen server (currently
with dom0 and dom1) but also as a NAT host. I have an NFS server
attached to eth1 of the Xen server with a crossover cable. Eth0 of the
Xen server has a public IP. I have static assignment for the internal
network (eth1) on the private block

My goal is to use the Xen server's dom0 as a NAT host so my NFS server
can access the net (to run debootstrap amongst other things).

NAT'ing works only when I *disable the two bridges* on dom0. I have
two bridges: one on eth0 and the other on eth1. I would like to know
if there are any special PRE/POST routing rules that need to be
inserted before this setup works.

An odd behavior that I've seen is that when I ping an internet host
from the NFS server ( traffic flows out through
Xen.server.eth1 (default gw) and then into vif0.0 (xenbr0's veth0) as
opposed to eth0.

Here are my simple NAT/FRWD rules that only work when the bridges are
brought down:
/sbin/iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

I appreciate your help on this. I'm running an unmodified Xen kernel
downloaded from xen.org. LMK if you need additional info.

Thanks all.
