Re: [Xen-users] DomUs hidden behind Dom0 in the network?

  Date: Wed, 29 Aug 2012 11:41:04 +0200
  Thread-topic: DomUs hidden behind Dom0 in the network?

Hello again,

Thanks very much for all the answers.
I have been very busy, thus the lack of a prompt answer. Sorry for that.

>...are you able to do NAT?
>If so just use your Dom0 as the "NAT router" for your DomUs.
>If you have more than one MAC available / known you might configure your DomUs
>with these MACs for their virtual ifaces.
>best regards,
> ---
> Niels Dettenbach
> Syndicat IT & Internet
> http://www.syndicat.com
> PGP: https://syndicat.com/pub_key.asc
> ---

Yeah, I think NAT is the way to go regarding my issues.
The problem is that I only have one IP address, it's linked to the MAC address 
of the server and I won't get additional IP addresses.

>In xend-config.sxp:
>(network-script network-nat)
>(vif-script     vif-nat)
>(instead of i.e. bridging or normal routing scripts - never tried Xen's NAT
>scripts but I assume they do what they are called ;).
>Or do it similarly by hand with:
>echo 1 > /proc/sys/net/ipv4/ip_forward
>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j
>iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
>where eth0 is the "outgoing" network interface to LAN of the Dom0.
> ---
> Niels Dettenbach
> Syndicat IT & Internet
> http://www.syndicat.com
> PGP: https://syndicat.com/pub_key.asc

I tried that and it didn't work for me. Just changing the Xen script from 
bridge to NAT didn't help.
I have two network interface controllers, eth0 and eth1. eth0 is the one that 
communicates with the network and has (limited, only http) access to the 
internet. That's why I thought about using eth1 to connect the domU's and dom0.

For the domU cfg file I followed this guide

receiving the following cfg file
name = "ubuntu-net"
memory = 256
disk = ['phy:/dev/xenvg/ubuntu-net,xvda,w']
vif = ['ip=']
kernel = "/var/lib/xen/images/ubuntu-netboot/vmlinuz"
ramdisk = "/var/lib/xen/images/ubuntu-netboot/initrd.gz"
extra = "debian-installer/exit/always_halt=true -- console=hvc0"

which starts but doesn't gain net access and thus can't be installed.

I configured /etc/network/interfaces in this way:
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static

up /sbin/iptables -A FORWARD -o eth0 -i eth1 -s -m conntrack --ctstate NEW -j ACCEPT
up /sbin/iptables -A FORWARD -o eth0 -s -m conntrack --ctstate 
up /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j 
up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
up /etc/init.d/dnsmasq restart

route tells me this:
Destination     Gateway            Genmask         Flags Metric Ref    Use Iface
default         vrrp-sonst0010.                    UG    100    0        0 eth0
                *                                  U     0      0        0 eth0
                *                                  U     0      0        0

and ifconfig this:
eth0      Link encap:Ethernet  HWaddr 00:30:48:bd:61:14
             inet addr:  Bcast:  Mask:
            inet6 addr: fe80::230:48ff:febd:6114/64 Scope:Link

eth1      Link encap:Ethernet  HWaddr 00:30:48:bd:61:15
            inet addr:  Bcast:  Mask:
            UP BROADCAST MULTICAST  MTU:1500  Metric:1
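
One way to write the dom0 NAT rules discussed in this thread as a single ruleset, added here as an example and not taken from either poster. The guest-side interface name (xenbr1) and the 10.0.0.0/24 guest subnet are assumptions; the function refuses empty parameters so that no rule is emitted with a bare `-s`, `-i` or `-o`.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# NATs a private guest subnet behind dom0's single external address.
# usage: gen_nat_rules EXT_IF GUEST_IF GUEST_NET
#   EXT_IF    dom0 interface facing the LAN (eth0 in the post)
#   GUEST_IF  dom0 interface or bridge the domU vifs sit behind (assumed name)
#   GUEST_NET private guest subnet in CIDR form (assumed, e.g. 10.0.0.0/24)
gen_nat_rules() {
    ext_if=$1 guest_if=$2 guest_net=$3

    # Refuse incomplete input so no rule ends up with a bare "-s", "-i" or "-o".
    for v in "$ext_if" "$guest_if" "$guest_net"; do
        [ -n "$v" ] || { echo "gen_nat_rules: missing argument" >&2; return 2; }
    done
    # grep -v succeeds if either name contains an unexpected character.
    printf '%s\n' "$ext_if" "$guest_if" | grep -Eqv '^[A-Za-z0-9_.-]+$' && {
        echo "gen_nat_rules: bad interface name" >&2; return 2; }
    # Shape check only (a.b.c.d/len); iptables validates the octets itself.
    printf '%s\n' "$guest_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || {
        echo "gen_nat_rules: GUEST_NET must look like a.b.c.d/len" >&2; return 2; }
    [ "$ext_if" != "$guest_if" ] || {
        echo "gen_nat_rules: EXT_IF and GUEST_IF must differ" >&2; return 2; }

    # FORWARD defaults to DROP: only guest-initiated traffic and its replies
    # pass, so the domUs stay unreachable from the LAN side.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $guest_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $guest_if -o $ext_if -s $guest_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Typical use on dom0, as root (forwarding must also be on, as in the post:
# echo 1 > /proc/sys/net/ipv4/ip_forward):
#   gen_nat_rules eth0 xenbr1 10.0.0.0/24 | iptables-restore --test
```

Loading the output without `--noflush` replaces whatever is currently in the nat and filter tables, so run it through `iptables-restore --test` first.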
