WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] Xen with 3 networks and NAT

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen with 3 networks and NAT
From: Asko Tamm <askot@xxxxxxxxxxxxxx>
Date: Wed, 03 Jan 2007 17:49:23 +0200
Asko Tamm wrote:
> Dear All,
> 
> I'm having problems setting up NAT with my Xen 3.03 on Debian Sarge.
> 
> My current setup -
> 
> domU networking:
> eth0: WAN ip
> eth2: 192.168.1.5/24
> dummy0: 192.168.120.1/28
> 
> In xend-config:
> (network-script 'network-bridge netdev=dummy0')
> (vif-script vif-bridge)
> 
> iptables & NAT:
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> dom0 (vm01) networking:
> eth0: 192.168.120.2, gw 192.168.120.1
> 
> 
> :~# brctl show
> bridge name     bridge id               STP enabled     interfaces
> xenbr2          8000.feffffffffff       no              pdummy0
>                                                         vif0.2
>                                                         vif2.0
> 
> 
> The goal is to get NAT working from dom0 to both networks (192.168.1/24
> and to internet). I can ping 192.168.120.1 from dom0, and ping works for
> WAN ip and 192.168.1.5. But dom0 does not see any other addresses on WAN
> and 192.168.1/24 network..
> 
> The other goal is to have possibility to have ip aliases in dom0.
> 
> What am I missing here? The packets coming from dom0 do not reach
> iptables nat rules, counters do not increase.. Wonder why?
> 
>  What could be a better way to achieve this setup? Xen networking is
> still a bit fuzzy to me..

Ok, I would like to rephrase the question :-).

The NAT works with the routing setup, but IP aliases don't work.

If I change my Xen networking to routing:

domU networking:
eth0: WAN ip
eth2: 192.168.1.5/24
dummy0: 192.168.120.1

In xend-config:
(network-script 'network-route netdev=dummy0')
(vif-script     vif-route)

DomU Iptables:
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.120.0/27 -d 192.168.0.0/16 -j SNAT --to-source 192.168.1.5
[0:0] -A POSTROUTING -o eth0 -s 192.168.120.0/27 -j SNAT --to-source $extip

In /etc/xen/vm01.conf:
vif=['mac=00:16:3e:70:01:01,ip=192.168.120.2','mac=00:16:3e:70:02:01,ip=192.168.120.3']
dhcp="off"
# ip addresses set inside dom0 config for eth0 and eth1

under vm01:
(vm01):~# ifconfig | grep addr
eth0      Link encap:Ethernet  HWaddr 00:16:3E:70:01:01
          inet addr:192.168.120.2  Bcast:192.168.120.15  Mask:255.255.255.240
eth1      Link encap:Ethernet  HWaddr 00:16:3E:70:02:01
          inet addr:192.168.120.3  Bcast:192.168.120.15  Mask:255.255.255.240

In that case NAT works. But the other IP address (192.168.120.3) does
not work; I cannot ping it from domU. The routing seems to be OK. I
actually see the ping requests on dom0's eth1, but dom0 does not answer.
The reason is a total mystery to me :-)

domU:~# netstat -rn | grep 192.168.120
192.168.120.3   0.0.0.0         255.255.255.255 UH        0 0          0 vif2.1
192.168.120.2   0.0.0.0         255.255.255.255 UH        0 0          0 vif2.0
192.168.120.0   0.0.0.0         255.255.255.240 U         0 0          0 dummy0

So, what could be the problem? With the bridged setup I get multiple IPs
(with IP aliases in dom0), but no NAT. With the routed setup (and with the
natted setup too) I get working NAT, but dom0 has only one working IP address.


How do I set up more than one IP for dom0, with either a natted or a routed
network?

--
asko
