Re: [Xen-users] domU NAT network cannot connect

What is the host OS?


In my experience it is easier to either use libvirtd to control the virtual networking or run dnsmasq and configure iptables manually. I wouldn't rely on the network-nat script as it seems to only set the IP address of the vif endpoint in dom0.


Assuming you have libvirtd, there are a few ways of creating the virtual networking setup.

1 - Create a virtual network xml file. (The specification for the structure can be found at http://libvirt.org/formatnetwork.html). Then use the virsh command from the command line to create the virtual network. The xml file will tell libvirt to use a particular bridge and nat everything on that bridge. Additionally, when vms connect to the bridge it will set up some iptables rules for you to do the forwarding from the bridge to your main network. This will require reverting your changes to the /etc/xen/xend-config.sxp.

2 - Use virt-manager to configure the virtual network. This is a GUI that will allow you to set up the virtual networks without needing a predefined xml file. Where to go and what to click are highly dependent on the version being used, as the interface has changed a lot over the past couple of years.

3 - Configure dnsmasq and iptables manually. Under the hood, libvirt nat'ing really just sets up dnsmasq to provide dhcp, dns forwarding, etc. on the bridge interface, and configures a few iptables rules to do the masquerading. You can configure this manually, although there is generally no need.




I followed this guide, and started my xend service with nat-network support:

(network-script network-nat)

(vif-script     vif-nat)

Then I started my domU with the following vif configuration:

vif = ['ip=' ]


My domU is a Win7 system, and I configured the network as:



default gateway:




I added the iptables NAT rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

But my domU still cannot connect to the network.


On my dom0, "ifconfig -a" returns the following: (note: I started the vif8.0 IF manually)


eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:1e:37:d2:2b:da  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xfe200000-fe220000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet  netmask
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 76637  bytes 513836706 (490.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 76637  bytes 513836706 (490.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8.0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 3e:9b:52:95:03:d3  txqueuelen 500  (Ethernet)
        RX packets 2722  bytes 239183 (233.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif8.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet  netmask  broadcast
        ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 576
        inet  netmask  broadcast
        ether 00:1f:3c:27:e6:0c  txqueuelen 1000  (Ethernet)
        RX packets 11301  bytes 4467424 (4.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9829  bytes 1330447 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


I am new to xen, so I might have missed some settings. Please be kind enough to point them out.


Thank you.

David Shen
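
Added example, not part of the thread or of any Xen or libvirt script: a sanity check that the interface named after -o in a MASQUERADE rule is actually UP and RUNNING, run over the flag lines of the "ifconfig -a" output and the iptables rule posted above. The function names are hypothetical, and treating any running interface other than lo, vif* and tap* as an uplink candidate is an assumption; the script does not look at the routing table.

```shell
#!/bin/sh
# Flag lines copied from the "ifconfig -a" output quoted in the thread.
IFCONFIG_SAMPLE='eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
tap8.0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
vif8.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 576'
# The NAT rule as posted in the thread.
MASQ_RULE='iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'

# Read ifconfig-style text on stdin; print interfaces flagged UP and RUNNING.
running_ifaces() {
    awk '/^[A-Za-z0-9].*flags=/ {
        name = $1; sub(/:$/, "", name)
        flags = $0; sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        n = split(flags, f, ","); up = 0; run = 0
        for (i = 1; i <= n; i++) { if (f[i] == "UP") up = 1; if (f[i] == "RUNNING") run = 1 }
        if (up && run) print name
    }'
}

# Print the argument of -o (outbound interface) from an iptables rule string.
masq_out_iface() {
    set -- $1    # intentional word splitting of the rule
    while [ $# -gt 0 ]; do
        if [ "$1" = "-o" ] && [ $# -ge 2 ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# $1 = rule, $2 = ifconfig text. Returns 0 if the rule's -o interface is
# running, 1 if it is not (and lists running non-guest interfaces), 2 if no -o.
check_masq() {
    out=$(masq_out_iface "$1") || { echo "no -o interface in rule"; return 2; }
    live=$(printf '%s\n' "$2" | running_ifaces)
    if printf '%s\n' "$live" | grep -qxF "$out"; then
        echo "OK: $out is up and running"; return 0
    fi
    uplinks=$(printf '%s\n' "$live" | grep -Ev '^(lo|vif|tap)' | tr '\n' ' ')
    echo "MISMATCH: rule masquerades on $out, which is not running; running candidates: $uplinks"
    return 1
}

check_masq "$MASQ_RULE" "$IFCONFIG_SAMPLE" || true
```

On a live dom0, pass "$(ifconfig -a)" as the second argument instead of the embedded sample.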


