First, I noted that xen_nat_enable was *not* built along with the other tools in xeno-clone/install/bin. Is this still needed (per the README.CD instructions, for a NAT-based virtual host, rather than IP-based)?

I copied & ran the xen_nat_enable from the CD, and immediately was unable to access my machine to/from the network (I had already run "ifconfig eth0:0 169.254.1.0 up").

What I found was that the SuSEfirewall default configuration did not get along well with whatever changes to iptables were made by xen_nat_enable. My solution, which needs to be tuned later, was to edit /etc/sysconfig/SuSEfirewall2 to greatly loosen the firewall. I then restarted it:

/etc/rc.d/SuSEfirewall2_init restart /etc/rc.d/SuSEfirewall2_setup restart /etc/rc.d/SuSEfirewall2_final restart

The changes I made (again, these are certainly TOO MANY changes, but as you'll see in my next note there are still problems with network access to the virtual systems):

127c127 < FW_DEV_INT="eth0:0"

---

164c164 < FW_ROUTE="yes"

---

179c179 < FW_MASQUERADE="yes"

---

201c201 < FW_MASQ_NETS="169.254.1.0"

---

217c217 < FW_PROTECT_FROM_INTERNAL="no"

---

254c254 < FW_SERVICES_EXT_TCP="2200:2300 2049 http ssh rsync ftp smtp"

---

Of course, your firewall configuration might be different. -- Greg

------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/