This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Re: NAT through Dom0 on unstable branch

To: Bernhard Schmidt <berni@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Re: NAT through Dom0 on unstable branch
From: Sheng S Lu <shenglu@xxxxxxxxxx>
Date: Wed, 22 Jun 2005 09:16:14 +0800
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 22 Jun 2005 01:14:10 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <slrndbgl8h.r2e.berni@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

I've met a similar case with my desktop and laptop computers connected through a switch, not in Xen.

The reason for my problem was that I had set an IP address on one of my computers that conflicted with the maintenance IP address of the DSL modem.
And when the conflicting computer sent out packets, the switch got confused and froze. (Many DSL modems use IP addresses like,, and so on)

It may not be the reason in your case. Just for your information.

Bernhard Schmidt <berni@xxxxxxxxxxxxx>
Sent by: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

2005-06-22 01:51

[Xen-devel] Re: NAT through Dom0 on unstable branch

On 2005-06-20, Eitan Isaacson <ee.jay.eye@xxxxxxxxx> wrote:


> I am trying to set up a configuration in which a DomU and Dom0 are on
> their own subnet, and DomU accesses the real network through Dom0's
> NAT.
> These are the steps that I take (note, these steps worked fine in
> "testing" and "stable" branches):

I've seen a similar problem, which might or might not be related...

Although not being a developer, I'm running XEN unstable because I need
ACPI for my network interface chip. My network setup looked like the

                |                                          ,-------, |
                |  xen0       ,--------,  ,------,         |       | |
                |           ,-+ vlan10 +--+ br10 +-vif0.0 --- eth0 | |
                | ,------,  | `--------´  `------´         |       | |
,--------,      | |      |  | ,--------,  ,------,         |       | |
| Switch +--------+ eth0 +--+-+ vlan11 +--+ br11 |         |  xenU | |
`--------´      | |      |  | `--------´  `------´         |       | |
                | `------´  | ,--------,  ,------,         |       | |
                |           `-+ vlan20 +--+ br20 |         `-------´ |
                |             `--------´  `------´                   |
                |                                                    |

vlan10 is my internal network connecting all clients, vlan11 was unused,
vlan20 contains the PPPoE modem to connect to my ISP. Besides having this
PPPoE connection xen0 also runs an IPv6-in-IPv4 tunnel for IPv6 connectivity
of the whole network.

xen0 only had an RFC1918 IP address and an IPv6 address assigned on br10, a
public IPv4 address on ppp0 and another IPv6 address on sixxs (the
IPv6-tunnel). xen0 has NAT compiled in and enabled with

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Connectivity between other clients, xen0 and xenU worked flawlessly in both
IPv4 and IPv6. Other clients could also access the internet being NATed in
xen0 for IPv4 and routed in IPv6. xen0 had no connection problems as well.

xenU could connect to IPv6 hosts in the internet without a single flaw. But,
as soon as a single IPv4 packet was sent from xenU to the internet I could
not transfer one single byte through the DSL line anymore, even from xen0
itself. tcpdump on ppp0 showed only incoming packets from some idiots
hammering my dynamic IP for peer2peer applications, but not a single byte
going out. Routing-table looked good. As soon as I killed pppd (closing
ppp0) and restarted it again it worked, until sending IPv4 from xenU again.

The box is an Athlon64 in i386-mode on an nVidia nForce3 chipset, the NIC is
a Marvell GigE. Both xen0 and xenU are Ubuntu hoary, the xen release was
downloaded the day after the patch from to was included
in xen-unstable. xen's own networking scripts creating the bridge at startup
have been disabled in favour of manually setting up the vlans and the
bridges in the Debian/Ubuntu way. When bridging vlan20 to xenU as well and
running PPPoE (and of course masquerading) there everything works like a
charm (this is my current setup).

Any ideas?


Xen-devel mailing list