7 messages in com.xensource.lists.xen-devel: Re: [Xen-devel] NAT through Dom0 on u...

| From | Sent On | Attachments |
|---|---|---|
| Eitan Isaacson | 20 Jun 2005 11:39 | |
| Nils Toedtmann | 20 Jun 2005 15:09 | |
| Grzegorz Milos | 21 Jun 2005 05:03 | |
| Bernhard Schmidt | 21 Jun 2005 10:51 | |
| Toens Bueker | 21 Jun 2005 12:14 | |
| Rusty Russell | 21 Jun 2005 16:20 | |
| Sheng S Lu | 21 Jun 2005 18:15 | |

| Subject: | Re: [Xen-devel] NAT through Dom0 on unstable branch |
|---|---|
| From: | Grzegorz Milos (gm2...@hermes.cam.ac.uk) |
| Date: | 06/21/2005 05:03:03 AM |
| List: | com.xensource.lists.xen-devel |
There are some scripts for setting up the NAT already in Xen (although they do not do exactly the same thing as you want to, as no bridge is set up. At least in the original version that I came up with). It would be interesting to see if they work.
Cheers
Gregor
Hello, I might be the first to encounter this issue, so I think it is worth posting...
I am trying to set up a configuration in which a DomU and Dom0 are on their own subnet, and DomU accesses the real network through Dom0's NAT.
These are the steps that I take (note, these steps worked fine in "testing" and "stable" branches):
I first set up a bridge with a private IP:

    brctl addbr mybr0
    ip addr add 192.168.0.1/24 dev mybr0
    ip link set mybr0 up

These are my network scripts in the xend config file:

    (network-script network-route)
    (vif-script vif-bridge)
    (vif-bridge mybr0)

I start a DomU with an IP of 192.168.0.101, and I am able to ping Dom0 (192.186.0.1).
I enable IP forwarding, and I set up NAT:

    sysctl -w net.ipv4.ip_forward=1    # (if not already done by xend)
    iptables -t nat -A POSTROUTING -j MASQUERADE \
        -o eth0 -s 192.168.0.1/24

I am able to ping the outside world by IP, but name resolution, or any other TCP/IP traffic does not work. The very strange part is that tcpdump seems to show packets arriving at their destination on the outside world hosts, but besides the ACKs, the outside hosts do not respond. I am not a networking expert, so I am sorry if my diagnosis is not full.
Here is a bit more info (on Dom0):

    # iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  all  --  192.168.0.0/24       anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    # ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0F:1F:8C:17:D6
              inet addr: 10.0.20.10  Bcast:10.0.255.255  Mask:255.255.0.0
              UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:30868 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1121 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:8172500 (7.7 Mb)  TX bytes:158965 (155.2 Kb)
              Base address:0xdf40 Memory:fcfe0000-fd000000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:5 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:288 (288.0 b)  TX bytes:288 (288.0 b)

    mybr0     Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
              inet addr:192.168.0.1  Bcast:0.0.0.0  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:834 (834.0 b)  TX bytes:938 (938.0 b)

    vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:13 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1044 (1.0 Kb)  TX bytes:812 (812.0 b)

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    mybr0           8000.feffffffffff       no              vif1.0

Thanks!
_______________________________________________ Xen-devel mailing list Xen-...@lists.xensource.com http://lists.xensource.com/xen-devel
-- Quidquid latine dictum sit, altum viditur --- Anon
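
Added example, not part of the original messages: a Python check over the `iptables -t nat -L` listing quoted above, confirming that the MASQUERADE rule's source network covers the DomU address 192.168.0.101, which rules out a mismatched NAT source as the cause. The function names are hypothetical; `-s 192.168.0.1/24` is stored with its host bits masked, which is why the listing shows 192.168.0.0/24.

```python
import ipaddress

# Listing copied from the message above (`iptables -t nat -L` on Dom0).
# Plain -L omits the out-interface; checking `-o eth0` would need `-L -v`.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

def parse_nat_rules(listing):
    """Return {chain: [(target, proto, source, destination), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        fields = line.split()
        if not fields or fields[0] == "target":
            continue  # blank line or column header
        if fields[0] == "Chain":
            current = chains.setdefault(fields[1], [])
        elif current is not None and len(fields) >= 5:
            target, proto, _opt, source, dest = fields[:5]
            current.append((target, proto, source, dest))
    return chains

def to_network(spec):
    """Turn an iptables address column into an ip_network, or None."""
    if spec == "anywhere":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        # strict=False masks host bits, as iptables does for 192.168.0.1/24
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None  # -L without -n may print a resolved hostname

def masquerade_covers(listing, guest_ip):
    """True if a POSTROUTING MASQUERADE rule's source matches guest_ip."""
    addr = ipaddress.ip_address(guest_ip)
    for target, _proto, source, _dest in parse_nat_rules(listing).get("POSTROUTING", []):
        net = to_network(source)
        if target == "MASQUERADE" and net is not None and addr in net:
            return True
    return False

if __name__ == "__main__":
    for ip in ("192.168.0.101", "10.0.20.10"):
        print(ip, "masqueraded:", masquerade_covers(NAT_LISTING, ip))
```
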




