xen-users
Re: [Xen-users] NAT and networks of domUs
On Tuesday, 12.04.2005, at 14:29 +0200, Toens Bueker wrote:
> the pdf on http://www.planet-lab.org/PDN/PDN-02-006/ has a very nice
> diagram on the last page, which seems to describe networking in Xen.
>
> 1.) Can somebody confirm that the above is true? If yes, I would suggest
> adding that diagram to the existing Xen docs.
Maybe the diagram is correct for the xenoserver project, but it's not
for xen-{2|unstable}. Virtual interfaces (pp* in the diagram, vif* on my
host) and eth0 appear in dom0. I do not know what the "virtual firewall
router" in the middle shall be if not dom0 (which is below).
> 2.) Has somebody on the list a working configuration with domUs on a private
> network, which is/are NATted to the internet via a public IP in dom0?
I did this with vmware and UML which is quite similar. Should be easy.
> When I
> tried to assemble an iptables configuration for this setup, iptables seemed
> to not recognize Xen's vif-interfaces.
Maybe you still let xend set up bridging eth0? It's possible to do this
with bridging (then use iptables with "--physdev-{in|out}" instead of
"-i" and "-o"), but you probably want to do it with _routing_. That means
you may bridge all the virtual VM-devices together, but _not_ eth0. Try
this:

* Shut down all domUs, stop xend
* Set up an empty bridge device with a private IP using your distro
  sysconfig or by hand:

    brctl addbr mybr0
    ip addr add 192.168.1.1/24 dev mybr0
    ip link set mybr0 up

* Configure xend (/etc/xen/xend-config.sxp) for not setting up
  xen-br0 on startup, but nevertheless adding virtual interfaces
  to your bridge:

    (network-script network-route)
    (vif-script vif-bridge)
    (vif-bridge mybr0)

* Start xend, boot your VMs, tell them to use IPs in 192.168.1.0/24,
  default gw being 192.168.1.1. Now all doms should be able to ping
  each other within 192.168.1.0/24.
* In dom0:

    sysctl -w net.ipv4.ip_forward=1 # (if not already done by xend)
    iptables -t nat -A POSTROUTING -j MASQUERADE \
        -o eth0 -s 192.168.1.0/24

What have I forgotten?
> Which Xen version/flavour is
> necessary to get such a setup up and running?
All you find on the xen download page.
/nils.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
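
Added example, not part of the original mail or of Xen: a shell function that emits an iptables-restore ruleset for the routed setup described above, with the MASQUERADE rule from the mail plus a default-drop FORWARD chain so that enabling ip_forward does not turn dom0 into an open router. The names mybr0, eth0 and 192.168.1.0/24 come from the mail; the FORWARD rules and the function names gen_rules, valid_if and valid_cidr are assumptions of this example.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the routed domU network.
# Assumed layout (from the mail): bridge mybr0, subnet 192.168.1.0/24, uplink eth0.

# valid_if NAME: succeed only for a plain interface name (no spaces, no options)
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# valid_cidr A.B.C.D/N: succeed only for four octets 0-255 and a prefix 0-32
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# gen_rules BRIDGE SUBNET UPLINK: print the ruleset, or fail on bad input
gen_rules() {
    br=$1 net=$2 up=$3
    valid_if "$br" && valid_if "$up" && valid_cidr "$net" || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# masquerade only the domU subnet, and only when it leaves via the uplink
-A POSTROUTING -s $net -o $up -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# routed domU traffic enters dom0 on the bridge device, so match $br, not vif*
-A FORWARD -i $br -o $up -s $net -j ACCEPT
# replies only: nothing arriving on the uplink may open a connection to a domU
-A FORWARD -i $up -o $br -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# domU-to-domU frames, seen by iptables only when bridge netfilter is enabled
-A FORWARD -i $br -o $br -j ACCEPT
COMMIT
EOF
}
```

Review the output of `gen_rules mybr0 192.168.1.0/24 eth0` before piping it to `iptables-restore` as root in dom0; without `--noflush` that replaces the existing nat and filter tables.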