From: Toens Bueker <toens.bueker@lists0903.nurfuerspam.neuroserve.org>
To: xen-devel@lists.xensource.com
Subject: Re: NAT through Dom0 on unstable branch
Date: Tue, 21 Jun 2005 21:15:13 +0200
Message-ID: <20050621191513.GA5877@neteligent.de>
In-Reply-To: <fa8d26480506201140246713f7@mail.gmail.com>

Eitan Isaacson <ee.jay.eye@gmail.com> wrote:
> These are the steps that I take (note, these steps worked fine in
> "testing" and "stable" branches):
>
> I first set up a bridge with a private IP:
>
> brctl addbr mybr0
> ip addr add 192.168.0.1/24 dev mybr0
> ip link set mybr0 up
>
> These are my network scripts in the xend config file:
>
> (network-script network-route)
> (vif-script vif-bridge)
> (vif-bridge mybr0)
>
> I start a DomU with an IP of 192.168.0.101, and I am able to ping Dom0
> (192.186.0.1).
>
> I enable IP forwarding, and I set up NAT:
>
> sysctl -w net.ipv4.ip_forward=1 # (if not already done by xend)
> iptables -t nat -A POSTROUTING -j MASQUERADE \
>     -o eth0 -s 192.168.0.1/24

An alternative solution would be:

iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT \
    --to-source <your.public.ip.address>

For incoming connections you could do some port forwarding:

iptables -t nat -A PREROUTING -i eth0 -d <your.public.ip.address> \
    -p tcp --dport 80 -j DNAT --to-dest <ip.address.of.domU>

by
Töns
--
There is no safe distance.
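
An added example, not part of either message: a Python check that reads `iptables -t nat -S` output and reports which POSTROUTING SNAT/MASQUERADE rules cover a given guest address, and which guest ports the PREROUTING DNAT rules expose. The sample rules are constructed from the commands in the reply, with 203.0.113.10 as a placeholder for `<your.public.ip.address>` and 192.168.0.101 assumed as the DomU address; the function names are illustrative.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -t nat -S` output after the commands in the
# reply; 203.0.113.10 is a documentation address standing in for the public IP.
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.101
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
"""

def parse_rules(text):
    """Parse `-A` lines into dicts of option -> value, plus the chain name."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule, i, neg = {"chain": tok[1]}, 2, False
        while i < len(tok):
            if tok[i] == "!":
                neg, i = True, i + 1
            elif tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                # Negated matches are kept under "! <opt>" so they are never
                # mistaken for positive ones.
                rule[("! " if neg else "") + tok[i]] = tok[i + 1]
                neg, i = False, i + 2
            else:
                neg, i = False, i + 1
        rules.append(rule)
    return rules

def source_nat_rules_for(rules, guest_ip, out_if):
    """POSTROUTING SNAT/MASQUERADE rules that translate guest_ip leaving out_if."""
    ip, hits = ipaddress.ip_address(guest_ip), []
    for r in rules:
        if r["chain"] != "POSTROUTING" or r.get("-j") not in ("SNAT", "MASQUERADE"):
            continue
        if any(k.startswith("! ") for k in r) or r.get("-o", out_if) != out_if:
            continue  # rules with negated matches are not evaluated here
        # strict=False also accepts host-bit forms such as 192.168.0.1/24.
        if ip in ipaddress.ip_network(r.get("-s", "0.0.0.0/0"), strict=False):
            hits.append(r)
    return hits

def exposed_guest_ports(rules):
    """(protocol, public port, internal target) for each PREROUTING DNAT rule."""
    return [(r.get("-p", "all"), r.get("--dport", "any"), r.get("--to-destination"))
            for r in rules if r["chain"] == "PREROUTING" and r.get("-j") == "DNAT"]
```

With the sample rules, `source_nat_rules_for(parse_rules(SAMPLE_RULES), "192.168.0.101", "eth0")` returns an empty list: the guest address from the quoted setup lies outside 192.168.2.0/24, so the `-s` network of a NAT rule has to match the subnet actually assigned to the bridge.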