The default configuration one would use would result in 2 IP's being assigned to the Xen host.
Lets say I have a default IP of 1.2.3.4 on the main box, and the ISP has issued me 5.6.7.24/29, leaving me with 5.6.7.25-29 as usable IP's. One of the /29 range has to be applied to the base box to serve as a gateway, meaning that one IP is wasted (or you could say even 2 are wasted if you include the 1.2.3.4 address).
I didn't want to loose these 2 valuable IP's, so I used iptables with SNAT/DNAT to make use of all the assigned IP's.
The first steps were simple when I found this page: http://grml.org/xen/, so the bulk of the following code is copied from there.
Using a debian system, I entered the following extra config into my
/etc/network/interfaces to make the Xen host listen to my public IP's and perform DNAT/SNAT to private IP addresses.auto xenintbr
iface xenintbr inet static
pre-up brctl addbr xenintbr
post-down brctl delbr xenintbr
address 10.1.1.1
netmask 255.255.255.0
bridge_fd 0
bridge_hello 0
bridge_stp off
auto eth0:25
iface eth0:25 inet static
address 5.6.7.25
netmask 255.255.255.248
post-up iptables -t nat -A POSTROUTING -o eth0 -s 10.1.1.25 -j SNAT --to 5.6.7.25
post-up iptables -t nat -A PREROUTING -d 5.6.7.25 -j DNAT --to-destination 10.1.1.25
Next make xend set up the bridge correctly in
/etc/xen/xend-config.sxp. This tells xend to set up the bridge between the guest and the bridge setup above, but instead of using the default network-bridge, we simply do routing, and let the iptables rules above perform the routing to the outside world.(network-script network-route)
(vif-bridge xenintbr)
(vif-script vif-bridge)
And in the guest machine configure the network on the private subnet.
auto eth0
iface eth0 inet static
address 10.1.1.25
netmask 255.255.255.0
gateway 10.1.1.1
You can check the status of the iptables rules with:
iptables -L -vn
iptables -t nat -L -vn
No comments:
Post a Comment