I'm having an issue where outbound traffic from my DomUs shows up with
the IP address of the Xen Dom0.
e.g.:
user@domu:~$ ssh user@anotherhost
where anotherhost sees the request coming from dom0, not the specific
domU (as it would in a NAT environment).
However, it is possible to ssh into the domU using its IP address on
the same subnet.
Here are my relevant configuration files:
# Dom0 /etc/network/interfaces:
auto br2
iface br2 inet static
address 172.24.90.1
network 172.24.0.0
netmask 255.248.0.0
bridge_ports eth2
bridge_stp off
bridge_fd 0
bridge_maxwait 0
# DomU /etc/network/interfaces:
auto eth1
iface eth1 inet static
address 172.16.3.1
netmask 255.248.0.0
broadcast 172.16.248.255
DomU xen configuration file:
vif = [
'bridge=br1,ip=172.16.3.1,mac=xx:xx:xx:xx:xx:xx']
The host is Debian Squeeze (6.0), and the guest is Ubuntu 10.04.
** The Dom0 also has a NAT network on another interface; here are the
relevant lines for that in /etc/network/interfaces: **
auto br3
iface br3 inet static
address 192.168.53.1
netmask 255.255.255.0
bridge_ports dummy0
bridge_stp yes
post-up /sbin/iptables --table filter --insert INPUT --source \
192.168.53.0/255.255.255.0 --jump ACCEPT
post-up /sbin/iptables --table filter --insert FORWARD --source \
192.168.53.0/255.255.255.0 --jump ACCEPT
post-up /sbin/iptables --table filter --insert FORWARD --destination \
192.168.53.0/255.255.255.0 --match state \
--state ESTABLISHED,RELATED --jump ACCEPT
post-up /sbin/iptables --table nat --insert POSTROUTING --source \
192.168.53.0/255.255.255.0 \
! --destination 192.168.53.0/255.255.255.0 --jump MASQUERADE
pre-down /sbin/iptables --table filter --delete INPUT --source \
192.168.53.0/255.255.255.0 --jump ACCEPT
pre-down /sbin/iptables --table filter --delete FORWARD --source \
192.168.53.0/255.255.255.0 --jump ACCEPT
pre-down /sbin/iptables --table filter --delete FORWARD --destination \
192.168.53.0/255.255.255.0 --match state \
--state ESTABLISHED,RELATED --jump ACCEPT
pre-down /sbin/iptables --table nat --delete POSTROUTING --source \
192.168.53.0/255.255.255.0 \
! --destination 192.168.53.0/255.255.255.0 --jump MASQUERADE