
Re: [Xen-users] NAT and networks of domUs



Toens Bueker <toens.bueker@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:

> 2.) Has somebody on the list a working configuration with domUs on a private
> network, which is/are NATted to the internet via a public IP in dom0?

Shouldn't be that hard.  I had this running with UML some time ago.

In domain0 you'll have to create a bridge device with whatever name
you want ("brctl addbr xen0" for example) and tell the xen domUs to
connect to that bridge.  The bridge will be your private network.  Do
*not* add eth0 to that bridge.  You can do the usual stuff with it in
domain 0, i.e. configure some rfc1918 IP address, set up routes, let a
dhcp server run on it and hand out IP addresses, whatever you want ;)

iptables setup can be done this way for example:

  iptables -t filter -F
  iptables -t mangle -F
  iptables -t nat    -F
  iptables -t filter -P FORWARD DROP
  iptables -t mangle -A FORWARD -i xen0 -o eth0 -j MARK --set-mark 1
  iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A FORWARD -m mark --mark 1 -j ACCEPT
  iptables -t nat -A POSTROUTING -m mark --mark 1 -j MASQUERADE

This will accept and NAT traffic which comes from interface "xen0" and
is routed to interface "eth0".  Don't forget to enable IP forwarding
in domain 0.

HTH,

  Gerd

-- 
#define printk(args...) fprintf(stderr, ## args)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
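The bridge, rule set and forwarding step from the reply above, collected into one reviewable script. This is an added example, not code from the original post or from the Xen project; the bridge name xen0, the uplink eth0 and the 192.168.42.0/24 range are assumed values. Compared with the posted rules it adds a source-network match on the mark rule and an output-interface match on the MASQUERADE rule, so that only traffic genuinely coming from the private bridge and leaving via the uplink is accepted and translated. With DRY_RUN=1 the commands are printed instead of executed, which lets you inspect the rule set before touching a live dom0.

```shell
#!/bin/sh
# Added example: dom0 NAT setup for domUs on a private bridge.
# All names and addresses below are assumptions; adjust to your setup.

BRIDGE="${BRIDGE:-xen0}"                  # private bridge the domUs attach to (assumed)
UPLINK="${UPLINK:-eth0}"                  # public interface in dom0 (assumed)
PRIV_NET="${PRIV_NET:-192.168.42.0/24}"   # constructed RFC1918 range for the domUs
PRIV_GW="${PRIV_GW:-192.168.42.1/24}"     # dom0's address on the bridge

# run: execute the command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the bridge and give dom0 an address on it.
# Deliberately no "brctl addif": the uplink must stay off the bridge.
bridge_setup() {
    run brctl addbr "$BRIDGE"
    run ip addr add "$PRIV_GW" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
}

# The rule set from the post, with two extra matches:
#  - "-s $PRIV_NET" on the mark rule, so spoofed sources on the bridge are not marked
#  - "-o $UPLINK" on the MASQUERADE rule, so only traffic leaving via the uplink is NATted
nat_rules() {
    run iptables -t filter -F
    run iptables -t mangle -F
    run iptables -t nat    -F
    run iptables -t filter -P FORWARD DROP
    run iptables -t mangle -A FORWARD -i "$BRIDGE" -o "$UPLINK" -s "$PRIV_NET" \
        -j MARK --set-mark 1
    run iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t filter -A FORWARD -m mark --mark 1 -j ACCEPT
    run iptables -t nat    -A POSTROUTING -m mark --mark 1 -o "$UPLINK" -j MASQUERADE
}

# The step the post says not to forget.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Usage: ./domu-nat.sh show   (print the commands)
#        ./domu-nat.sh apply  (run them as root in dom0)
case "${1:-}" in
    show)  DRY_RUN=1; bridge_setup; nat_rules; enable_forwarding ;;
    apply) bridge_setup; nat_rules; enable_forwarding ;;
esac
```

Because FORWARD's policy is DROP and only marked flows plus their replies are accepted, a domU can reach the internet but nothing can initiate a connection from the uplink into the private network; if a domU must be reachable from outside, that needs an explicit DNAT rule and a matching FORWARD accept rather than loosening the policy.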