
Re: [Xen-devel] NAT through Dom0 on unstable branch



Eitan Isaacson <ee.jay.eye@xxxxxxxxx> wrote:

> These are the steps that I take (note, these steps worked fine in
> "testing" and "stable" branches):
> 
> I first set up a bridge with a private IP:
> 
> brctl addbr mybr0
> ip addr add 192.168.0.1/24 dev mybr0
> ip link set mybr0 up
> 
> These are my network scripts in the xend config file:
> 
> (network-script     network-route)
> (vif-script         vif-bridge)
> (vif-bridge         mybr0)
> 
> I start a DomU with an IP of 192.168.0.101, and I am able to ping Dom0
> (192.186.0.1).
> 
> I enable IP forwarding, and I set up NAT:
> 
> sysctl -w net.ipv4.ip_forward=1  # (if not already done by xend)
> iptables -t nat -A POSTROUTING -j MASQUERADE \
>   -o eth0 -s 192.168.0.1/24

An alternative solution would be:

iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT \
         --to-source <your.public.ip.address>

For incoming connections you could do some port forwarding:

iptables -t nat -A PREROUTING -i eth0 -d <your.public.ip.address> \
         -p tcp --dport 80 -j DNAT --to-dest <ip.address.of.domU>

by
Töns
-- 
There is no safe distance.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
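
A way to check nat-table rules like the ones discussed above against the DomU address, as an added example that is not part of the original messages: it reads rules in `iptables-save -t nat` form and reports source-NAT rules whose -s network does not contain the guest, and DNAT rules that point elsewhere or forward every port. The sample rules and the 203.0.113.10 public address are constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample in `iptables-save -t nat` form, modelled on the thread's
# commands; 203.0.113.10 is a documentation address standing in for the public IP.
GUEST_IP = "192.168.0.101"
SAMPLE_RULES = """\
-A POSTROUTING -s 192.168.0.1/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.101
"""

def parse_rule(line):
    """Map option -> value for one '-A CHAIN ...' line (negation '!' is not handled)."""
    tokens = shlex.split(line)
    rule, i = {"chain": tokens[1]}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule

def audit(rules_text, guest_ip):
    """Return (line_number, message) for NAT rules that miss or over-expose the guest."""
    guest, findings = ipaddress.ip_address(guest_ip), []
    for n, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if r["chain"] == "POSTROUTING" and r.get("-j") in ("SNAT", "MASQUERADE"):
            if "-s" not in r:
                findings.append((n, "no -s: source NAT applies to any source address"))
            # iptables masks host bits, so 192.168.0.1/24 means 192.168.0.0/24.
            elif guest not in ipaddress.ip_network(r["-s"], strict=False):
                findings.append((n, f"-s {r['-s']} does not cover guest {guest}"))
            if "-o" not in r:
                findings.append((n, "no -o: NAT applies on every outgoing interface"))
        elif r["chain"] == "PREROUTING" and r.get("-j") == "DNAT":
            dest = str(r.get("--to-destination", "")).split(":")[0]
            if dest != guest_ip:
                findings.append((n, f"DNAT target {dest or '?'} is not guest {guest}"))
            if "--dport" not in r:
                findings.append((n, "no --dport: every port is forwarded to the guest"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_RULES, GUEST_IP):
        print(f"rule {n}: {msg}")
```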


 

