Re: [Xen-users] Trouble with Nat Xen setup

On Tue, 2015-02-24 at 20:19 -0800, JMW MVM wrote:
> It turned out the problem was just that I had put
> the DomU on the wrong subnet.

Since it is behind NAT the subnet is largely arbitrary, you can just
make one up (subject to RFC 1918 of course).

You just need to make sure it doesn't clash with other subnets you might
want to communicate with, which from what you say below means avoiding
at least 192.168.1.x as used by your internal gateway.

>  I had made a silly assumption, thinking
> that since the NAT rule is supposed to rewrite packets to have the
> same IP as Dom0, that that rule would apply to all packets originating
> on the same machine.

I'm not a NAT expert, so take with a pinch of salt...

It will affect any packets egressing via the interface which is
configured to do MASQUERADING; the originating subnet is not terribly
relevant, I don't think, unless you've got more complex rules in place.

There's not actually much Xen specific here, you can consider dom0 to be
the same as a physical system with N real NICs, N-1 going to internal
networks and the last one attached to the outside world and doing
masquerading. Given that, you might find various non-Xen network-focused
resources handy.

>  My thinking now is that it applies only to
> packets from the same subnet.  Now I'm wondering if the rule I
> currently have in place will modify or duplicate packets coming from
> outside the machine.

I think it's better to think about what happens to packets as they
traverse individual network interfaces (virtual or real) rather than
inside/outside the machine.

> This is my first experience setting up NAT, so if
> you have any advice I would appreciate hearing it. I'm not intending
> to use this machine as a router, I just want to route packets from my
> DomUs correctly. The router that serves as the gateway on my home
> network is currently configured to only give out IPs on the
> 192.168.1.x subnet, so if you think I need to modify the rule somehow,
> please let me know.
>       Thanks,
>                  JMW
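
The two points discussed in this thread, as an added example that is not part of the original messages: checking a proposed DomU subnet against RFC 1918 and the subnets already in use, and a simplified model of how a MASQUERADE rule matches on egress interface and, optionally, source subnet. The interface names `eth0` and `xenbr0`, the `10.0.0.0/24` DomU subnet and the /24 mask on 192.168.1.x are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Home LAN from the thread; the /24 mask is an assumption.
LAN_IN_USE = ["192.168.1.0/24"]


def check_domu_subnet(candidate, in_use=LAN_IN_USE):
    """Return a list of problems with a proposed DomU subnet ([] means usable)."""
    net = ipaddress.ip_network(candidate)
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not inside an RFC 1918 block")
    for other in in_use:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"clashes with {other}")
    return problems


def is_masqueraded(rules, src, out_iface):
    """Simplified model of the nat POSTROUTING chain.

    Each rule is (out_iface or None, source_net or None); None matches
    anything. Real netfilter consults this chain once per new connection
    and then applies the same translation to the rest of the flow.
    """
    addr = ipaddress.ip_address(src)
    for rule_iface, rule_src in rules:
        if rule_iface is not None and rule_iface != out_iface:
            continue
        if rule_src is not None and addr not in ipaddress.ip_network(rule_src):
            continue
        return True
    return False


# Constructed rule sets (hypothetical interface names).
# Equivalent of: -o eth0 -j MASQUERADE
BY_INTERFACE = [("eth0", None)]
# Equivalent of: -s 10.0.0.0/24 -o eth0 -j MASQUERADE
BY_INTERFACE_AND_SOURCE = [("eth0", "10.0.0.0/24")]

if __name__ == "__main__":
    print(check_domu_subnet("192.168.1.0/24"))
    print(check_domu_subnet("10.0.0.0/24"))
    print(is_masqueraded(BY_INTERFACE, "172.16.9.9", "eth0"))
    print(is_masqueraded(BY_INTERFACE_AND_SOURCE, "172.16.9.9", "eth0"))
```

With the interface-only rule, any source subnet leaving via `eth0` is rewritten; the source subnet matters only once the rule carries a source match.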

