Re: [Xen-users] NAT and networks of domUs
On Tuesday, 12.04.2005, at 14:29 +0200, Toens Bueker wrote:
> the pdf on http://www.planet-lab.org/PDN/PDN-02-006/ has a very nice
> diagram on the last page, which seems to describe networking in Xen.
>
> 1.) Can somebody confirm that the above is true? If yes, I would suggest
> adding that diagram to the existing Xen docs.

Maybe the diagram is correct for the xenoserver project, but it's not for xen-{2|unstable}. Virtual interfaces (pp* in the diagram, vif* on my host) and eth0 appear in dom0. I do not know what the "virtual firewall router" in the middle shall be if not dom0 (which is below).

> 2.) Has somebody on the list a working configuration with domUs on a private
> network, which is/are NATted to the internet via a public IP in dom0?

I did this with vmware and UML, which is quite similar. Should be easy.

> When I
> tried to assemble an iptables configuration for this setup, iptables seemed
> to not recognize Xen's vif-interfaces.

Maybe you still let xend set up bridging eth0? It's possible to do this with bridging (then use iptables with "--physdev-{in|out}" instead of "-i" and "-o"), but you probably want to do it with _routing_. That means you may bridge all the virtual VM-devices together, but _not_ eth0.

Try this:

* Shutdown all domUs, stop xend

* Set up an empty bridge-device with private ip using your distro sysconfig or by hand:

    brctl addbr mybr0
    ip addr add 192.168.1.1/24 dev mybr0
    ip link set mybr0 up

* Configure xend (/etc/xen/xend-config.sxp) for not setting up xen-br0 on startup, but nevertheless adding virtual interfaces to your bridge:

    (network-script network-route)
    (vif-script vif-bridge)
    (vif-bridge mybr0)

* start xend, boot your VMs, tell them to use IPs in 192.168.1.0/24, default gw being 192.168.1.1. Now all doms should be able to ping each other within 192.168.1.0/24.

* in dom0:

    sysctl -w net.ipv4.ip_forward=1   # (if not already done by xend)
    iptables -t nat -A POSTROUTING -j MASQUERADE \
        -o eth0 -s 192.168.1.0/24

What have I forgotten?

> Which Xen version/flavour is
> necessary to get such a setup up and running?

All you find on the xen download page.

/nils.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
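
The following is an added example, not part of the original mail: it prints the routed NAT setup described above as an iptables-restore ruleset, together with a default-drop FORWARD policy so that dom0 forwards only domU traffic and its replies. The function name nat_ruleset and the FORWARD rules are assumptions of this example; the subnet and interface defaults are the ones used in the mail.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the routed NAT setup.
# Defaults (192.168.1.0/24, mybr0, eth0) are the values used in the mail.
nat_ruleset() {
    subnet=${1:-192.168.1.0/24}
    bridge=${2:-mybr0}
    uplink=${3:-eth0}

    # Shape check only: digits, dots and exactly one slash, so a crafted
    # argument cannot smuggle extra options into the generated rules.
    case $subnet in
        *[!0-9./]*|*/*/*) echo "bad subnet: $subnet" >&2; return 1 ;;
        [0-9]*.*/[0-9]*) ;;
        *) echo "bad subnet: $subnet" >&2; return 1 ;;
    esac
    for ifname in "$bridge" "$uplink"; do
        case $ifname in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only domU traffic that leaves through the uplink.
-A POSTROUTING -s $subnet -o $uplink -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# domU -> outside: only the private subnet, only bridge to uplink.
-A FORWARD -i $bridge -o $uplink -s $subnet -j ACCEPT
# outside -> domU: replies to connections the domUs opened, nothing new.
-A FORWARD -i $uplink -o $bridge -d $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# domU <-> domU: needed only if bridged frames are passed to iptables
# (net.bridge.bridge-nf-call-iptables=1); harmless otherwise.
-A FORWARD -i $bridge -o $bridge -j ACCEPT
COMMIT
EOF
}
```

The output can be checked with iptables-restore --test before loading it; note that iptables-restore flushes the tables it loads unless --noflush is given.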