Re: [Xen-users] Alternative to network-nat on Debian Squeeze with XEN4?

On Mon, Jun 20, 2011 at 12:12 PM, Andrew Sorensen <andrewx192@xxxxxxxxx> wrote:
>> >> With that kind of setup (either manual or created by libvirt) you can
>> >> simply use bridge networking in Xen as usual, and it doesn't matter
>> >> whether your uplink is already bridged or not. And the same bridge+NAT
>> >> setup can be used for other virtualization setup as well (For example,
>> >> I'm using libvirt to create a bridge on my Virtualbox setup, which
>> >> Virtualbox uses later as bridged networking)
>> >>
>> > That was what I was trying to do. If you visit
>> > http://wiki.qemu.org/Documentation/Networking/NAT and take a look at
>> > that script at the bottom, it creates a bridged interface and takes in
>> > a parameter to add to the NAT bridge. I'm not sure what I would need to
>> > modify in that script to create the NAT MASQUERADE rule.
>>
>> ... and what I've been trying to say is that you don't have to use
>> that script. Not if it gives you more trouble.
>>
>> Instead, I suggest you split it into two separate processes:
>> (1) Creation of the bridge with NAT support
>> (2) Adding domU's vif to that bridge
>>
>> For (1) Can be done with either libvirt or setup manually.
>> For (2), you can simply use Xen's existing bridge script. No need to
>> create additional network script.
>>
>
> For (1), How would I go about setting it up manually?

I'd still recommend you use libvirt. However, if you want to create
the bridge manually, see
http://wiki.xensource.com/xenwiki/HostConfiguration/Networking .
Basically you use whatever method the OS has (/etc/network/interfaces
for Debian/Ubuntu).

As an example, you can use something like this on
/etc/network/interfaces which combines bridge and NAT creation (you
might need to load "dummy" module first, or add it to /etc/modules)

#=======================================
auto dummy0
iface dummy0 inet manual

auto br0
iface br0 inet static
    address 192.168.123.1
    netmask 255.255.255.0
    bridge_ports dummy0
    bridge_stp yes
    post-up /sbin/iptables --table filter --insert INPUT --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert FORWARD --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table filter --insert FORWARD --destination \
        192.168.123.0/255.255.255.0 --match state \
        --state ESTABLISHED,RELATED --jump ACCEPT
    post-up /sbin/iptables --table nat --insert POSTROUTING --source \
        192.168.123.0/255.255.255.0 \
        ! --destination 192.168.123.0/255.255.255.0 --jump MASQUERADE
    pre-down /sbin/iptables --table filter --delete INPUT --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    pre-down /sbin/iptables --table filter --delete FORWARD --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    pre-down /sbin/iptables --table filter --delete FORWARD --destination \
        192.168.123.0/255.255.255.0 --match state \
        --state ESTABLISHED,RELATED --jump ACCEPT
    pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
        192.168.123.0/255.255.255.0 \
        ! --destination 192.168.123.0/255.255.255.0 --jump MASQUERADE
#=======================================

Make sure that /proc/sys/net/ipv4/ip_forward = 1 (edit
/etc/sysctl.conf if you have to).

> For (2), When you refer to "bridge script" are you referring to -
> 'vif-script' or 'network-script'?
> Currently I am using a statement like
> 'bridge=br1,mac=xxxxxxxx,ip=xx.xx.xx.xx', which is working out fine for
> my "true" bridged network.

Just use whatever you currently use on "true" bridged network. Just
watch out for:
- bridge names. In my example, the bridge with NAT support is br0
- no need for "ip=xxxxx" part.
  Some setups with ebtables or modified domU config can make use of
  that, but usually it's not needed
- setup IP address from domU. In my example I don't have a dhcp server
  on dom0, so I need to assign static address in domU manually.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
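
Added example (not part of the original post): a Python check that every iptables rule a stanza like the one above inserts in post-up has an identical pre-down delete, so ACCEPT and MASQUERADE rules do not linger or pile up across ifdown/ifup cycles. The function names and the SAMPLE stanza are constructed for illustration.

```python
import shlex

ADD = {"--insert", "-I", "--append", "-A"}
DEL = {"--delete", "-D"}

# Constructed sample: two of the post's rules, with the pre-down for INPUT left out.
SAMPLE = r"""
iface br0 inet static
    address 192.168.123.1
    post-up /sbin/iptables --table filter --insert INPUT --source \
        192.168.123.0/255.255.255.0 --jump ACCEPT
    post-up /sbin/iptables --table nat --insert POSTROUTING --source \
        192.168.123.0/255.255.255.0 \
        ! --destination 192.168.123.0/255.255.255.0 --jump MASQUERADE
    pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
        192.168.123.0/255.255.255.0 \
        ! --destination 192.168.123.0/255.255.255.0 --jump MASQUERADE
"""

def hook_rules(text):
    """Map 'post-up'/'pre-down' to lists of normalised iptables argument tuples."""
    rules = {"post-up": [], "pre-down": []}
    # interfaces(5): a trailing backslash continues the line
    for line in text.replace("\\\n", " ").splitlines():
        words = shlex.split(line, comments=True)
        if len(words) > 2 and words[0] in rules and words[1].endswith("iptables"):
            # Replace the add/delete verb with one marker so pairs compare equal
            args = tuple("<op>" if w in ADD | DEL else w for w in words[2:])
            rules[words[0]].append(args)
    return rules

def unpaired(text):
    """Return (added but never deleted, deleted but never added) rule lists."""
    rules = hook_rules(text)
    up, down = rules["post-up"], rules["pre-down"]
    leaked = [r for r in up if up.count(r) > down.count(r)]
    stale = [r for r in down if down.count(r) > up.count(r)]
    return leaked, stale

if __name__ == "__main__":
    leaked, stale = unpaired(SAMPLE)
    for rule in leaked:
        print("no matching pre-down:", " ".join(rule))
    for rule in stale:
        print("no matching post-up:", " ".join(rule))
```

The comparison is textual, so a rule written with different option spellings in post-up and pre-down is reported as unpaired.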