Re: [Xen-users] DomUs hidden behind Dom0 in the network?
Hello again,

thanks very much for all the answers. I have been very busy, thus the lack of a prompt answer. Sorry for that.

>...are you able to do NAT?
>
>If so just use your Dom0 as the "NAT router" for your DomUs.
>
>If you have more than one MAC available / known you might configure your DomUs
>with these MACs for their virtual ifaces.
>
>
>hth
>best regards,
>
>
>Niels.
>--
> ---
> Niels Dettenbach
> Syndicat IT & Internet
> http://www.syndicat.com
> PGP: https://syndicat.com/pub_key.asc
> ---

Yeah, I think NAT is the way to go regarding my issues. The problem is that I only have one IP address, it's linked to the MAC address of the server and I won't get additional IP addresses.

>In xend-config.sxp:
>
>(network-script network-nat)
>(vif-script vif-nat)
>
>
>(instead of i.e. bridging or normal routing scripts - never tried Xen's NAT
>scripts but I assume they do what they are called ;).
>
>
>
>Or do it similar by hand with:
>
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
>iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
>
>
>where eth0 is the "outgoing" network interface to LAN of the Dom0.
>
>
>
>cheers,
>
>Niels.
>--
> ---
> Niels Dettenbach
> Syndicat IT & Internet
> http://www.syndicat.com
> PGP: https://syndicat.com/pub_key.asc

I tried that and it didn't work for me. Just changing the Xen script from bridge to NAT didn't help. I have two network interface controllers, eth0 and eth1. eth0 is the one that communicates with the network and has (limited, only http) access to the internet. That's why I thought about using eth1 to connect the domUs and dom0.
For the domU cfg file I followed this guide https://help.ubuntu.com/community/Xen receiving the following cfg file:

    name = "ubuntu-net"
    memory = 256
    disk = ['phy:/dev/xenvg/ubuntu-net,xvda,w']
    vif = ['ip=192.168.3.2']
    kernel = "/var/lib/xen/images/ubuntu-netboot/vmlinuz"
    ramdisk = "/var/lib/xen/images/ubuntu-netboot/initrd.gz"
    extra = "debian-installer/exit/always_halt=true -- console=hvc0"

which starts but doesn't gain net access and thus can't be installed correctly.

I configured /etc/network/interfaces in this way:

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet static
        address 192.168.3.1
        network 192.168.3.0
        netmask 255.255.255.0
        broadcast 192.168.3.255
        up /sbin/iptables -A FORWARD -o eth0 -i eth1 -s 192.168.3.0/16 -m conntrack --ctstate NEW -j ACCEPT
        up /sbin/iptables -A FORWARD -o eth0 -s 192.168.0.0/16 -m conntrack --ctstate NEW -j ACCEPT
        up /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        up /etc/init.d/dnsmasq restart

route tells me this:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         vrrp-sonst0010. 0.0.0.0         UG    100    0        0 eth0
    141.42.152.0    *               255.255.254.0   U     0      0        0 eth0
    192.168.3.0     *               255.255.255.0   U     0      0        0 eth1

and ifconfig this:

    eth0      Link encap:Ethernet  HWaddr 00:30:48:bd:61:14
              inet addr:141.42.152.159  Bcast:141.42.153.255  Mask:255.255.254.0
              inet6 addr: fe80::230:48ff:febd:6114/64 Scope:Link

    eth1      Link encap:Ethernet  HWaddr 00:30:48:bd:61:15
              inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
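An added example, not part of the original message or of Xen: a Python check that reads the four iptables rules from the eth1 stanza above and reports where a rule accepts new connections or masquerades for more than the 192.168.3.0/24 network on eth1. The function names are hypothetical; the inside interface and subnet are assumptions taken from the posted eth1 configuration.

```python
import ipaddress
import shlex

# The four rules from the eth1 stanza in the message above, copied verbatim.
RULES = [
    "iptables -A FORWARD -o eth0 -i eth1 -s 192.168.3.0/16 -m conntrack --ctstate NEW -j ACCEPT",
    "iptables -A FORWARD -o eth0 -s 192.168.0.0/16 -m conntrack --ctstate NEW -j ACCEPT",
    "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
]

def parse(rule):
    """Map each option of one iptables command line to its value ('' for a bare flag)."""
    tok, opts, i = shlex.split(rule)[1:], {}, 0
    while i < len(tok):
        has_value = i + 1 < len(tok) and not tok[i + 1].startswith("-")
        opts[tok[i]] = tok[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return opts

def audit(rule, inside_if, inside_net):
    """Report where a rule admits or masquerades more than inside_net on inside_if."""
    o, inside, findings = parse(rule), ipaddress.ip_network(inside_net), []
    new_accept = o.get("-A") == "FORWARD" and "NEW" in o.get("--ctstate", "")
    masquerade = o.get("-j") == "MASQUERADE"
    if not (new_accept or masquerade):
        return findings  # e.g. the ESTABLISHED,RELATED rule only follows existing flows
    if "-s" not in o:
        findings.append("no source restriction")
    else:
        src = ipaddress.ip_network(o["-s"], strict=False)
        # iptables masks the address with the prefix length before matching.
        if ipaddress.ip_interface(o["-s"]).ip != src.network_address:
            findings.append(f"{o['-s']} is applied as {src}")
        if not src.subnet_of(inside):
            findings.append(f"source {src} is not within {inside}")
    if new_accept and o.get("-i") != inside_if:
        findings.append(f"not bound to inbound interface {inside_if}")
    return findings

def audit_all(rules=RULES, inside_if="eth1", inside_net="192.168.3.0/24"):
    """Audit every rule; eth1 and 192.168.3.0/24 come from the posted interface config."""
    return {rule: audit(rule, inside_if, inside_net) for rule in rules}

if __name__ == "__main__":
    for rule, findings in audit_all().items():
        print(rule, "->", findings or "ok")
```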