Hi,

I am using NAT in XEN 3.0.1 and it works.
I have one dom0 and one domU, but I think it will work for more domUs, too.

I have an iptables script that runs on every bootup:

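========== SNIP ==========
#!/bin/bash
ipt=/sbin/iptables
# External address matched by the DNAT rules; the posted script does not define it.
extip="EXTERNAL_IP"   # placeholder: set to the external IP of dom0

# Flush all existing rules and set the default policies
$ipt -F -t nat
$ipt -F
$ipt -P FORWARD ACCEPT
$ipt -P INPUT ACCEPT
$ipt -P OUTPUT ACCEPT

# Enable IPv4 forwarding in dom0
echo "1" > /proc/sys/net/ipv4/ip_forward

# SSH
$ipt -t nat -A PREROUTING -d $extip -p tcp --dport 22 -j DNAT --to 10.0.0.3
# FTP
$ipt -t nat -A PREROUTING -d $extip -p tcp --dport 21 -j DNAT --to 10.0.0.3
# FTP-Passive Ports
$ipt -t nat -A PREROUTING -d $extip -p tcp --dport 10001:10020 -j DNAT --to 10.0.0.3

# Masquerade outbound traffic from the domU network
$ipt -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
========== SNAP ==========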
 
     
That's it.

If you want to change the destination port (i.e. --to 10.0.0.3:22), I think it will work, too.

The important lines are
 -> echo "1" ...
and
 -> ... MASQUERADE

So any network traffic to the outside is possible, as is inbound traffic for the specified ports.

This script has a further function: the lines beginning with "$ipt -F" will first delete all existing rules, which are then overwritten with the new ones. So you can upgrade your script with a further rule (or delete a rule) and run it without any connection loss.
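
Added example, not part of the original post: the same DNAT and MASQUERADE rules written as an iptables-restore ruleset, which replaces each table in one commit on reload and limits forwarding to the domU network and the forwarded ports. The FORWARD DROP policy, the function names and the external address passed in are assumptions made here; 10.0.0.3, 10.0.0.0/24 and the ports come from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Emits the post's NAT rules in
# iptables-restore format; FORWARD default DROP is a tightening assumed here.
DOMU_IP="10.0.0.3"               # domU address from the post
DOMU_NET="10.0.0.0/24"           # NATed network from the post
FWD_PORTS="22 21 10001:10020"    # SSH, FTP, FTP passive range

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the ruleset for external address $1 on stdout.
gen_ruleset() {
    extip=$1
    valid_ipv4 "$extip" || { echo "bad external IP: $extip" >&2; return 1; }
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for p in $FWD_PORTS; do
        echo "-A PREROUTING -d $extip -p tcp --dport $p -j DNAT --to-destination $DOMU_IP"
    done
    echo "-A POSTROUTING -s $DOMU_NET -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to allowed flows, then anything the domU network initiates.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -s $DOMU_NET -j ACCEPT"
    for p in $FWD_PORTS; do   # inbound only to the DNATed ports
        echo "-A FORWARD -d $DOMU_IP -p tcp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Usage (as root): ./nat.sh apply <external-ip>
if [ "${1:-}" = "apply" ]; then
    rules=$(gen_ruleset "$2") || exit 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
    printf '%s\n' "$rules" | iptables-restore
fi
```

Run without arguments, the script changes nothing; `gen_ruleset` only prints, so the ruleset can be reviewed before it is applied.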