Xen users - Jun 2011 - NAT networking in Xen

Hello everyone,

Last Friday I tried without success to get NAT networking working under 
Xen using mainly this guide:

http://wiki.kartbuilding.net/index.php/Xen_Networking

We are trying to get this set up under Debian Squeeze with Xen 4.1 built 
from source from Sid (Unstable).

Can somebody provide a guide or link to a guide that does work, 
including how to do port forwarding to the virtual machines?

Many thanks!
Iordan Iordanov

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I don''t know if you''re still in need of assistance, but I just
did a
post on how to setup NAT based networking, with a similar setup.
While I do not cover port forwarding to virtual machines, I hope this
helps in some way.

http://www.andrewsorensen.net/blog/post/nat-networking-in-debian-squeeze

--
Andrew Sorensen
On Mon, 2011-06-27 at 11:38 -0400, Iordan Iordanov wrote:
> Hello everyone,
> 
> Last Friday I tried without success to get NAT networking working under 
> Xen using mainly this guide:
> 
> http://wiki.kartbuilding.net/index.php/Xen_Networking
> 
> We are trying to get this set up under Debian Squeeze with Xen 4.1 built 
> from source from Sid (Unstable).
> 
> Can somebody provide a guide or link to a guide that does work, 
> including how to do port forwarding to the virtual machines?
> 
> Many thanks!
> Iordan Iordanov
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sun, Jul 3, 2011 at 3:52 AM, Andrew Sorensen <andrewx192@gmail.com>
wrote:
> I don''t know if you''re still in need of assistance, but I
just did a post on
> how to setup NAT based networking, with a similar setup.
> While I do not cover port forwarding to virtual machines, I hope this helps
> in some way.
>
> http://www.andrewsorensen.net/blog/post/nat-networking-in-debian-squeeze
>
I would nice if this information could be added to this wiki page:
http://wiki.xensource.com/xenwiki/HostConfiguration/Networking

Thanks,
Todd

> --
> Andrew Sorensen
> On Mon, 2011-06-27 at 11:38 -0400, Iordan Iordanov wrote:
>
> Hello everyone,
>
> Last Friday I tried without success to get NAT networking working under
> Xen using mainly this guide:
>
> http://wiki.kartbuilding.net/index.php/Xen_Networking
>
> We are trying to get this set up under Debian Squeeze with Xen 4.1 built
> from source from Sid (Unstable).
>
> Can somebody provide a guide or link to a guide that does work,
> including how to do port forwarding to the virtual machines?
>
> Many thanks!
> Iordan Iordanov
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>


-- 
Todd Deshane
http://www.linkedin.com/in/deshantm
http://www.xen.org/products/cloudxen.html
http://runningxen.com/

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hello,

I''m trying to set up the NAT network configuration for xen but
I''m
having some issues.  I''ve have the correct lines commented and
uncommented in my xend-xonfig.xsd file:

#(network-script network-bridge)
#(vif-script vif-bridge)
#(network-script network-route)
#(vif-script     vif-route)
(network-script network-nat)
(vif-script     vif-nat)

My domain config file for my paravirtualized fedora 14 domain contains
the following text:

name="default"
description="None"
memory=512
maxmem=512
vcpus=1
on_poweroff="destroy"
on_reboot="restart"
on_crash="destroy"
localtime=0
keymap="en-us"
builder="linux"
bootloader="/usr/bin/pygrub"
bootargs=""
extra=" "
disk=[ ''file:/var/lib/xen/images/default.img,xvda,w'', ]
vif=[ ''ip=10.0.0.2'', ]
NETMASK = "255.0.0.0"
GATEWAY = "10.0.0.1"
vfb=[''type=vnc,vncunused=1'']

extra = "console=hvc0"

When i start the domain my iptables has the following entries:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW
udp dpt:ipp
ACCEPT     udp  --  anywhere             224.0.0.251         state NEW
udp dpt:mdns
ACCEPT     tcp  --  anywhere             anywhere            state NEW
tcp dpt:ipp
ACCEPT     udp  --  anywhere             anywhere            state NEW
udp dpt:ipp
ACCEPT     udp  --  anywhere             anywhere            state NEW
udp dpt:snmp
REJECT     all  --  anywhere             anywhere            reject-with
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV
match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT     udp  --  anywhere             anywhere            PHYSDEV
match --physdev-in vif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
ACCEPT     all  --  anywhere             anywhere            PHYSDEV
match --physdev-out vif1.0 --physdev-is-bridged
ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV
match --physdev-in vif1.0 --physdev-is-bridged
REJECT     all  --  anywhere             anywhere            reject-with
icmp-host-prohibited

and my ifconfig looks like:

eth0      Link encap:Ethernet  HWaddr 00:0E:0C:6C:48:F5
          inet addr:192.168.222.77  Bcast:192.168.222.255
Mask:255.255.255.0
          inet6 addr: fe80::20e:cff:fe6c:48f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6572 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6549366 (6.2 MiB)  TX bytes:438666 (428.3 KiB)

eth1      Link encap:Ethernet  HWaddr 00:1C:C0:CB:B6:59
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Memory:e0400000-e0420000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:208 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15880 (15.5 KiB)  TX bytes:15880 (15.5 KiB)

vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:22 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 b)  TX bytes:1542 (1.5 KiB)

I have configured the network settings in the domU to be the same as
specified in the domain config file.  When I try to ping the default
gateway from the domU I can see packts on the vif1.0 interface saying:

7	25.900903	Xensourc_34:7d:9b	Broadcast	ARP	Who has 10.0.0.1?  Tell 10.0.0.2

Based on the iptables output, it seems like xen is still trying to used
a bridged network type configuration.  I should note that I have
restarted the xen daemon after making the changes to the xend-config.xsd
config file.  Are there some other settings I have to change in order to
use a NAT type configuration?  Thanks in advance.

- John





_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

I''ve resolved the issue myself.

I am using a fedora 14 dom0 and the network manager was enabled.
Whenever xen would create a virtual interface the network manager would
attempt to run dhcp on this interface and erase its ip information.  The
solution was to disable the network manager.

- John

On 07/05/2011 02:22 PM, John Backes wrote:
> Hello,
> 
> I''m trying to set up the NAT network configuration for xen but
I''m
> having some issues.  I''ve have the correct lines commented and
> uncommented in my xend-xonfig.xsd file:
> 
> #(network-script network-bridge)
> #(vif-script vif-bridge)
> #(network-script network-route)
> #(vif-script     vif-route)
> (network-script network-nat)
> (vif-script     vif-nat)
> 
> My domain config file for my paravirtualized fedora 14 domain contains
> the following text:
> 
> name="default"
> description="None"
> memory=512
> maxmem=512
> vcpus=1
> on_poweroff="destroy"
> on_reboot="restart"
> on_crash="destroy"
> localtime=0
> keymap="en-us"
> builder="linux"
> bootloader="/usr/bin/pygrub"
> bootargs=""
> extra=" "
> disk=[ ''file:/var/lib/xen/images/default.img,xvda,w'', ]
> vif=[ ''ip=10.0.0.2'', ]
> NETMASK = "255.0.0.0"
> GATEWAY = "10.0.0.1"
> vfb=[''type=vnc,vncunused=1'']
> 
> extra = "console=hvc0"
> 
> When i start the domain my iptables has the following entries:
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:ssh
> ACCEPT     udp  --  anywhere             anywhere            state NEW
> udp dpt:ipp
> ACCEPT     udp  --  anywhere             224.0.0.251         state NEW
> udp dpt:mdns
> ACCEPT     tcp  --  anywhere             anywhere            state NEW
> tcp dpt:ipp
> ACCEPT     udp  --  anywhere             anywhere            state NEW
> udp dpt:ipp
> ACCEPT     udp  --  anywhere             anywhere            state NEW
> udp dpt:snmp
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            PHYSDEV
> match --physdev-out vif1.0 --physdev-is-bridged
> ACCEPT     udp  --  anywhere             anywhere            PHYSDEV
> match --physdev-in vif1.0 --physdev-is-bridged udp spt:bootpc dpt:bootps
> ACCEPT     all  --  anywhere             anywhere            PHYSDEV
> match --physdev-out vif1.0 --physdev-is-bridged
> ACCEPT     all  --  10.0.0.2             anywhere            PHYSDEV
> match --physdev-in vif1.0 --physdev-is-bridged
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
> 
> and my ifconfig looks like:
> 
> eth0      Link encap:Ethernet  HWaddr 00:0E:0C:6C:48:F5
>           inet addr:192.168.222.77  Bcast:192.168.222.255
> Mask:255.255.255.0
>           inet6 addr: fe80::20e:cff:fe6c:48f5/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:6572 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4115 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:6549366 (6.2 MiB)  TX bytes:438666 (428.3 KiB)
> 
> eth1      Link encap:Ethernet  HWaddr 00:1C:C0:CB:B6:59
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>           Memory:e0400000-e0420000
> 
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:208 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:15880 (15.5 KiB)  TX bytes:15880 (15.5 KiB)
> 
> vif1.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
>           inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:9 errors:0 dropped:22 overruns:0 carrier:0
>           collisions:0 txqueuelen:32
>           RX bytes:0 (0.0 b)  TX bytes:1542 (1.5 KiB)
> 
> I have configured the network settings in the domU to be the same as
> specified in the domain config file.  When I try to ping the default
> gateway from the domU I can see packts on the vif1.0 interface saying:
> 
> 7	25.900903	Xensourc_34:7d:9b	Broadcast	ARP	Who has 10.0.0.1?  Tell
10.0.0.2
> 
> Based on the iptables output, it seems like xen is still trying to used
> a bridged network type configuration.  I should note that I have
> restarted the xen daemon after making the changes to the xend-config.xsd
> config file.  Are there some other settings I have to change in order to
> use a NAT type configuration?  Thanks in advance.
> 
> - John
> 
> 
> 
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
> 
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users