Denny Schierz
2005-Oct-16 02:44 UTC
[Xen-users] Switch, IP from provider and private address for domU
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, i run into trouble with xen. I have one IP from my provider and i want to create three domUs with private addresses, like 192.168.x.x. I have now the problem, that the provider switch closes all ports to outside, if he find something from the private address. does anybody had the same problem? cu denny -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDUb51Klzhkqt9P+ARArFsAJ9HWmGHXbEPMqEDKCcogsxYY/P7BACbBnqm r1obRGy0Swk8RXKWzUq2daI=xyz1 -----END PGP SIGNATURE----- _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Charles Duffy
2005-Oct-16 09:14 UTC
[Xen-users] Re: Switch, IP from provider and private address for domU
Denny Schierz wrote:> i run into trouble with xen. I have one IP from my provider and i want > to create three domUs with private addresses, like 192.168.x.x. I have > now the problem, that the provider switch closes all ports to outside, > if he find something from the private address.You should masquerade connections from your DomUs to the outside world, instead of connecting the bridge they''re on directly to your physical ethernet device on the dom0. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Charles Duffy
2005-Oct-16 12:01 UTC
Re: [Xen-users] Re: Switch, IP from provider and private address for domU
On Sun, 2005-10-16 at 13:12 +0200, Denny Schierz wrote:> Charles Duffy schrieb: > > You should masquerade connections from your DomUs to the outside world, > > instead of connecting the bridge they''re on directly to your physical > > ethernet device on the dom0. > > i don''t find any documentation on google or xen homepage. Can you write > a little howto for us?Not now, no. However, general documentation on IP masquerading (non-Xen-specific) is widely available. All you need to do is disconnect your outside ethernet device from the bridge (say, by making a modified version of /etc/xen/scripts/network-bridge which gets rid of everything in op_start() except the create_bridge call, and in op_stop does nothing but remove and clear the bridge, and pointing the network-script setting in /etc/xen/xend-config.sxp at this new script), and then look for one of the many many many publicly available documents on general-purpose IP masquerading to determine how to set up masquerading between the bridge (actually the veth0 device, which should have its other side, vif0.0, connected to the bridge) and the outside world. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users