Xen with bridging and NAT for different VMs

This isn’t as painful as I was expecting. I’m using Xen-3.2-1 as shipped with Debian Lenny. I’m assuming bridging already works with one VM.

First create a VM (assuming xen-tools is installed and configured):

# xen-create-image --hostname=vmnat --lvm=misc-vg

Edit the config files; thanks go to this post.

We will assume that eth0 on dom0 has an address of 172.16.1.1.

# cd /etc/xen/scripts
# cp vif-route vif-myroute

Edit /etc/xen/scripts/vif-myroute:

change:

main_ip=$(dom0_ip)

to:

main_ip=10.0.0.1
echo 1 > /proc/sys/net/ipv4/ip_forward

The config file for the VM should contain:

vif = [ 'ip=10.0.0.2,script=vif-myroute' ]

Then run:

# iptables -t nat -A POSTROUTING -s 10.0.0.2 -o eth0 \
-j SNAT --to 172.16.1.1

I also wanted to forward port 2222 on dom0 to port 22 on the domU (thanks):

# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 172.16.1.1 --dport 2222 -j DNAT --to 10.0.0.2:22
# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.2 --dport 22 -j ACCEPT

Putting all three iptables lines in /etc/rc.local should make them persist across reboots.
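As an added example (not part of the original post), the same three rules written out as an iptables-restore ruleset, which can be loaded atomically at boot (for example from an if-pre-up.d hook) instead of being re-run from rc.local; the interface, addresses and ports are passed in as parameters and default to the values used above. The long option names --to-source and --to-destination are the unabbreviated forms of the --to used in the commands above.

```shell
#!/bin/sh
# Generate an iptables-restore ruleset equivalent to the three iptables
# commands above. Lines starting with '#' are ignored by iptables-restore.
# Usage: gen_nat_rules DOM0_IF DOM0_IP DOMU_IP EXT_PORT INT_PORT
gen_nat_rules() {
    dom0_if=${1:-eth0}
    dom0_ip=${2:-172.16.1.1}
    domu_ip=${3:-10.0.0.2}
    ext_port=${4:-2222}
    int_port=${5:-22}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# outbound: rewrite the domU's source address to dom0's external address
-A POSTROUTING -s ${domu_ip} -o ${dom0_if} -j SNAT --to-source ${dom0_ip}
# inbound: redirect dom0:${ext_port} to the domU's service on ${int_port}
-A PREROUTING -p tcp -i ${dom0_if} -d ${dom0_ip} --dport ${ext_port} -j DNAT --to-destination ${domu_ip}:${int_port}
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# allow the DNATed connections through the FORWARD chain
-A FORWARD -p tcp -i ${dom0_if} -d ${domu_ip} --dport ${int_port} -j ACCEPT
COMMIT
EOF
}

# Count the COMMIT lines in a ruleset: one per table, so two is expected here.
count_commits() {
    printf '%s\n' "$1" | grep -c '^COMMIT$'
}

# Example: write the ruleset for the values used in this post (constructed
# path; adjust to where your boot scripts expect it).
if [ "${GEN_NAT_RULES_WRITE:-0}" = 1 ]; then
    gen_nat_rules eth0 172.16.1.1 10.0.0.2 2222 22 > /etc/iptables.vmnat.rules
fi
```

Load it with `iptables-restore < /etc/iptables.vmnat.rules`; note that iptables-restore replaces the whole nat and filter tables, so any other rules on dom0 need to be in the same file.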

Configure the VM’s network settings to include:

address: 10.0.0.2
netmask: 255.255.255.252
gateway: 10.0.0.1

In Debian’s /etc/network/interfaces:

auto eth0
iface eth0 inet static
 address 10.0.0.2
 netmask 255.255.255.0
 gateway 10.0.0.1
 network 10.0.0.0
 broadcast 10.0.0.255

I also needed to install udev (aptitude install udev) in the domU before an SSH connection would succeed, and I needed to add an extra setting to /etc/xen/vmnat.cfg:

#
# bugfix for hang during boot
#
extra = 'console=hvc0 xencons=tty'