xen-users
Re: [Xen-users] NAT and networks of domUs
Toens Bueker <toens.bueker@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
> 2.) Has somebody on the list a working configuration with domUs on a private
> network, which is/are NATted to the internet via a public IP in dom0?
Shouldn't be that hard. I had this running with UML some time ago.
In domain0 you'll have to create a bridge device with whatever name
you want ("brctl addbr xen0" for example) and tell the xen domU's to
connect to that bridge. The bridge will be your private network. Do
*not* add eth0 to that bridge. You can do the usual stuff with it in
domain 0, i.e. configure some RFC 1918 IP address, set up routes, let a
dhcp server run on it and hand out IP addresses, whatever you want ;)
iptables setup can be done this way for example:
iptables -t filter -F
iptables -t mangle -F
iptables -t nat -F
iptables -t filter -P FORWARD DROP
iptables -t mangle -A FORWARD -i xen0 -o eth0 -j MARK --set-mark 1
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -m mark --mark 1 -j ACCEPT
iptables -t nat -A POSTROUTING -m mark --mark 1 -j MASQUERADE
This will accept and NAT traffic which comes from interface "xen0" and
is routed to interface "eth0". Don't forget to enable IP forwarding
in domain 0.
HTH,
Gerd
--
#define printk(args...) fprintf(stderr, ## args)
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
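Added example, not part of the message above: a shell check that reads `iptables-save` output and confirms the properties the posted ruleset depends on (FORWARD policy DROP, an ESTABLISHED,RELATED accept rule, a MARK rule from the bridge to the uplink, and no unrestricted MASQUERADE). The names audit_nat, good_ruleset and weak_ruleset are hypothetical, and both rulesets are constructed samples.

```sh
# Added example (not from the original post): audit iptables-save output for the
# properties the post's ruleset relies on. Real use: iptables-save | audit_nat xen0 eth0
audit_nat() {  # $1 = private bridge, $2 = public uplink; ruleset on stdin
    awk -v br="$1" -v up="$2" '
        /^\*/ { table = substr($0, 2); next }   # table header, e.g. "*filter"
        { line = $0 " " }                       # pad so " -o eth0 " matches at line end
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
        table == "mangle" && /^-A FORWARD / && /-j MARK / &&
            index(line, " -i " br " ") && index(line, " -o " up " ") { marked = 1 }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            # Unqualified MASQUERADE rewrites every routed flow, not only domU traffic.
            if (line !~ / -m mark --mark / && line !~ / -o /) unres = 1
        }
        END {
            if (policy != "DROP") { print "FAIL: FORWARD policy is not DROP"; bad++ }
            if (!est)    { print "FAIL: no ESTABLISHED,RELATED accept rule"; bad++ }
            if (!marked) { print "FAIL: no MARK rule for " br " -> " up; bad++ }
            if (unres)   { print "FAIL: unrestricted MASQUERADE rule"; bad++ }
            exit bad + 0
        }'
}

good_ruleset() {  # constructed sample: the rules from the post in iptables-save form
cat <<'EOF'
*mangle
-A FORWARD -i xen0 -o eth0 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m mark --mark 0x1 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -m mark --mark 0x1 -j MASQUERADE
COMMIT
EOF
}
weak_ruleset() {  # constructed sample: forwards everything and NATs everything
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}
good_ruleset | audit_nat xen0 eth0 && echo "good_ruleset: all checks pass"
```

The function's exit status is the number of failed checks. IP forwarding is a separate kernel setting (net.ipv4.ip_forward) and is not covered by this check.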