[Xen-users] NAT networking in Xen
Hello,
I'm trying to set up the NAT network configuration for xen but I'm
having some issues. I have the correct lines commented and
uncommented in my xend-config.xsd file:
#(network-script network-bridge)
#(vif-script vif-bridge)
#(network-script network-route)
#(vif-script vif-route)
(network-script network-nat)
(vif-script vif-nat)
My domain config file for my paravirtualized Fedora 14 domain contains
the following text:
name="default"
description="None"
memory=512
maxmem=512
vcpus=1
on_poweroff="destroy"
on_reboot="restart"
on_crash="destroy"
localtime=0
keymap="en-us"
builder="linux"
bootloader="/usr/bin/pygrub"
bootargs=""
extra=" "
disk=[ 'file:/var/lib/xen/images/default.img,xvda,w', ]
vif=[ 'ip=10.0.0.2', ]
NETMASK = "255.0.0.0"
GATEWAY = "10.0.0.1"
vfb=['type=vnc,vncunused=1']
extra = "console=hvc0"
When I start the domain my iptables has the following entries:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT udp -- anywhere 224.0.0.251 state NEW udp dpt:mdns
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ipp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:snmp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT all -- 10.0.0.2 anywhere PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
and my ifconfig looks like:
eth0 Link encap:Ethernet HWaddr 00:0E:0C:6C:48:F5
inet addr:192.168.222.77 Bcast:192.168.222.255 Mask:255.255.255.0
inet6 addr: fe80::20e:cff:fe6c:48f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6572 errors:0 dropped:0 overruns:0 frame:0
TX packets:4115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6549366 (6.2 MiB) TX bytes:438666 (428.3 KiB)
eth1 Link encap:Ethernet HWaddr 00:1C:C0:CB:B6:59
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Memory:e0400000-e0420000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:208 errors:0 dropped:0 overruns:0 frame:0
TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15880 (15.5 KiB) TX bytes:15880 (15.5 KiB)
vif1.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:22 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:0 (0.0 b) TX bytes:1542 (1.5 KiB)
I have configured the network settings in the domU to be the same as
specified in the domain config file. When I try to ping the default
gateway from the domU I can see packets on the vif1.0 interface saying:
7 25.900903 Xensourc_34:7d:9b Broadcast ARP Who has 10.0.0.1? Tell 10.0.0.2
Based on the iptables output, it seems like xen is still trying to use
a bridged network type configuration. I should note that I have
restarted the xen daemon after making the changes to the xend-config.xsd
config file. Are there some other settings I have to change in order to
use a NAT type configuration? Thanks in advance.
- John
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
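Added example, not part of the original post: a Python check that gathers the two things the post compares, namely which scripts are uncommented in the xend config and which FORWARD rules match the guest's vif with --physdev-is-bridged. The sample text is constructed from the excerpts quoted in the post and the function names are hypothetical; the final flag only records that combination and does not say which script installed the rules.

```python
import re

# Constructed samples, modelled on the excerpts quoted in the post.
XEND_CONFIG = """\
#(network-script network-bridge)
#(vif-script vif-bridge)
(network-script network-nat)
(vif-script vif-nat)
"""

IPTABLES_L = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT all -- 10.0.0.2 anywhere PHYSDEV match --physdev-in vif1.0 --physdev-is-bridged
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

def active_scripts(config_text):
    """Return the uncommented (network-script ...) / (vif-script ...) settings."""
    found = {}
    for line in config_text.splitlines():
        # Lines starting with '#' cannot match, so commented entries are skipped.
        m = re.match(r"\s*\((network-script|vif-script)\s+([^)]+?)\s*\)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def forward_physdev_rules(listing, vif):
    """Return (direction, source) for FORWARD rules matching `vif` as a bridge port."""
    rules, chain = [], None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        if chain != "FORWARD" or "--physdev-is-bridged" not in line:
            continue
        m = re.search(r"--physdev-(in|out)\s+(\S+)", line)
        if m and m.group(2) == vif:
            rules.append((m.group(1), line.split()[3]))  # field 3 is the source column
    return rules

def check(config_text, listing, vif):
    """Summarise both observations and flag NAT scripts alongside bridged-match rules."""
    scripts = active_scripts(config_text)
    rules = forward_physdev_rules(listing, vif)
    nat_selected = scripts.get("vif-script") == "vif-nat"
    return {"scripts": scripts, "physdev_rules": rules,
            "nat_selected_with_bridged_rules": nat_selected and bool(rules)}
```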