From: Toens Bueker
Subject: Re: NAT through Dom0 on unstable branch
Date: Tue, 21 Jun 2005 21:15:13 +0200
To: xen-devel@lists.xensource.com

Eitan Isaacson wrote:

> These are the steps that I take (note, these steps worked fine in
> "testing" and "stable" branches):
>
> I first set up a bridge with a private IP:
>
> brctl addbr mybr0
> ip addr add 192.168.0.1/24 dev mybr0
> ip link set mybr0 up
>
> These are my network scripts in the xend config file:
>
> (network-script network-route)
> (vif-script vif-bridge)
> (vif-bridge mybr0)
>
> I start a DomU with an IP of 192.168.0.101, and I am able to ping Dom0
> (192.186.0.1).
>
> I enable IP forwarding, and I set up NAT:
>
> sysctl -w net.ipv4.ip_forward=1 # (if not already done by xend)
> iptables -t nat -A POSTROUTING -j MASQUERADE \
>     -o eth0 -s 192.168.0.1/24

An alternative solution would be:

iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT \
  --to-source

For incoming connections you could do some port forwarding:

iptables -t nat -A PREROUTING -i eth0 -d \
  -p tcp --dport 80 -j DNAT --to-dest

by
Töns
-- 
There is no safe distance.
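
The SNAT and port-forwarding rules from the reply above, as an added example that is not part of the original message: a shell function that validates its inputs and prints the two rules as an `iptables-restore` ruleset. The function names, the public address 203.0.113.10 and the guest address 192.168.2.101 are assumptions made for illustration, since the message leaves the public and target addresses out.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders
# (203.0.113.0/24 is a documentation range); function names are hypothetical.

# is_ipv4 ADDR: succeed if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the validated address into four octets
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# is_cidr NET/LEN: succeed for an IPv4 network with prefix length 0..32
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    printf '%s\n' "${1#*/}" | grep -Eq '^[0-9]{1,2}$' || return 1
    [ "${1#*/}" -le 32 ]
}

# nat_ruleset EXT_IF GUEST_NET PUBLIC_IP GUEST_IP PORT
# Prints a nat table: SNAT for outbound guest traffic, DNAT for one inbound TCP port.
nat_ruleset() {
    ext_if=$1 guest_net=$2 public_ip=$3 guest_ip=$4 port=$5
    case $ext_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;; esac
    is_cidr "$guest_net" || { echo "bad guest network: $guest_net" >&2; return 1; }
    is_ipv4 "$public_ip" || { echo "bad public address: $public_ip" >&2; return 1; }
    is_ipv4 "$guest_ip"  || { echo "bad guest address: $guest_ip" >&2; return 1; }
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $ext_if -s $guest_net -j SNAT --to-source $public_ip
-A PREROUTING -i $ext_if -d $public_ip -p tcp --dport $port -j DNAT --to-destination $guest_ip:$port
COMMIT
EOF
}

# Check the syntax without committing (needs root):
#   nat_ruleset eth0 192.168.2.0/24 203.0.113.10 192.168.2.101 80 | iptables-restore --test
nat_ruleset eth0 192.168.2.0/24 203.0.113.10 192.168.2.101 80
```

Loading this output with `iptables-restore` replaces the whole nat table in one commit, which is broader than flushing only PREROUTING and POSTROUTING as the reply does.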