WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

Re: [Xen-users] Xen 3.0, setting up a virtual network with NAT

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Xen 3.0, setting up a virtual network with NAT
From: CJ van den Berg <cj@xxxxxxxxxxxxx>
Date: Fri, 3 Feb 2006 17:15:52 +0100
Delivery-date: Fri, 03 Feb 2006 16:26:28 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20060203163147.GA6549@xxxxxxxxxxxxxxxxxxx>
Mail-followup-to: xen-users@xxxxxxxxxxxxxxxxxxx
References: <20060203163147.GA6549@xxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.11+cvs20060126
On Fri, Feb 03, 2006 at 04:31:47PM +0000, Richard Jones wrote:
> I've got a network set up as in the diagram below:
> 
>    domU               domU
>    fake eth0          fake eth0
>    192.168.99.2       192.168.99.3
>        |                   |
>        +-----------+-------+
>                    |
>                192.168.99.1
>                dummy0
>                 * dom0 *
>                real eth0
>                public IP address
> 
> In /etc/xen/xend-config.sxp I've got:
>  (network-script 'network-bridge netdev=dummy0')

What you want is:
(network-script network-nat)

> This all works fine in so far as domU can ping dom0 and dom0 can ping
> domU (ie. ping 192.168.99.2 -> 192.168.99.1 and
> ping 192.168.99.1 -> 192.168.99.2 is all OK).

This will work with the network-nat script too.

> If I enable routing in the kernel on dom0, then domU can try to ping
> the outside world, but of course the ping packets don't return because
> their source address is wrong (192.168.99.2, not public IP addr).
> 
> But if I add the following NAT rule:
>  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> it makes no difference!  Somehow these packets are bypassing normal
> routing and so not being masqueraded, and so their source address is
> not rewritten.
> 
> Has anyone got this working?

Yes, I use this all the time. Use the network-nat script and vif-nat. It
should do exactly what you want.

> Note that I want to have a true virtual network here (not just domU
> NAT) because I want the domU's to be able to talk to each other.

The NAT scripts configure routing in dom0 and then they set up routes to
each of the domUs. So everyone can ping everyone else internally and
everyone can also go through NAT to the outside world.

-- 
CJ van den Berg

mailto:cj@xxxxxxxxxxxxx
  xmpp:cj@xxxxxxxxxxxxx
   sip:8918316@xxxxxxxxxx
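
A dom0-side check of the state the reply describes (NAT on the outbound interface plus a route to each domU), as an added example that is not part of the original message or of Xen's network-nat/vif-nat scripts. The two domU addresses and eth0 come from the thread; the vif names, the 203.0.113.1 gateway and the sample command output are constructed assumptions.

```shell
#!/bin/sh
# Added example: checks text in `iptables-save -t nat` and `ip route` format.

# Constructed sample: NAT table with the MASQUERADE rule quoted in the thread.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: dom0 routes where only the first domU has a host route.
SAMPLE_ROUTES='192.168.99.2 dev vif1.0 scope link
default via 203.0.113.1 dev eth0'

# Succeeds if POSTROUTING masquerades traffic leaving interface $2.
# A MASQUERADE rule with no -o match applies to every interface and also counts.
has_masquerade() {  # $1 = iptables-save text, $2 = outbound interface
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq && (out == ifc || out == "")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Prints every domU address (one per line) that has no host route in dom0.
missing_domu_routes() {  # $1 = ip route text, $2.. = domU addresses
    mdr_routes=$1
    shift
    for mdr_ip in "$@"; do
        printf '%s\n' "$mdr_routes" | awk -v ip="$mdr_ip" '
            ($1 == ip || $1 == (ip "/32")) && $2 == "dev" { ok = 1 }
            END { exit (ok ? 0 : 1) }' || printf '%s\n' "$mdr_ip"
    done
}

# Run the checks against the constructed samples.
if has_masquerade "$SAMPLE_NAT" eth0; then
    echo "MASQUERADE present on eth0"
else
    echo "no MASQUERADE rule on eth0"
fi
for ip in $(missing_domu_routes "$SAMPLE_ROUTES" 192.168.99.2 192.168.99.3); do
    echo "no dom0 route to domU $ip"
done
```

On a live dom0, pass `"$(iptables-save -t nat)"` and `"$(ip route)"` in place of the samples.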
