This isn’t as painful as I was expecting. I’m using Xen-3.2-1 as shipped with Debian Lenny. I’m assuming bridging works already with one VM.
First create a VM (assuming xen-tools is installed and configured):
# xen-create-image --hostname=vmnat --lvm=misc-vg
Edit config files; thanks go to this post.
We will assume that eth0 on dom0 has an address of 172.16.1.1.
# cd /etc/xen/scripts
# cp vif-route vif-myroute
Then edit vif-myroute so that it contains:
main_ip=10.0.0.1
echo 1 > /proc/sys/net/ipv4/ip_forward
The config file for the VM should contain:
vif = [ 'ip=10.0.0.2,script=vif-myroute' ]
# iptables -t nat -A POSTROUTING -s 10.0.0.2 -o eth0 \
    -j SNAT --to 172.16.1.1
And I wanted to forward port 2222 on dom0 to 22 on domU (thanks):
# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 172.16.1.1 --dport 2222 -j DNAT --to 10.0.0.2:22
# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.2 --dport 22 -j ACCEPT
Putting all three iptables lines in /etc/rc.local should enable them to persist.
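An added example, not part of the original post: a re-runnable form of the three iptables rules for /etc/rc.local. Each rule is deleted (every existing copy) and then appended once, so running the file a second time does not stack duplicate NAT or FORWARD entries. The function names and the IPT override are assumptions made for this example; the addresses and ports are the ones used above.

```shell
#!/bin/sh
# Added example: idempotent version of the three rules from this post.
DOM0_IP=172.16.1.1       # eth0 address on dom0 (from the post)
DOMU_IP=10.0.0.2         # domU address (from the post)
EXT_IF=eth0
IPT=${IPT:-iptables}     # assumption: overridable so the logic can be dry-run

# ensure_rule [-t TABLE] CHAIN RULE-SPEC...
# Remove every existing copy of the rule, then append it exactly once.
# Only -D and -A are used, so this does not depend on `iptables -C`.
# Note: the rule ends up last in its chain, which matters if FORWARD
# contains an earlier DROP/REJECT that would match first.
ensure_rule() {
    table=filter
    case $1 in
        -t) table=$2; shift 2 ;;
    esac
    chain=$1; shift
    while $IPT -t "$table" -D "$chain" "$@" 2>/dev/null; do :; done
    $IPT -t "$table" -A "$chain" "$@"
}

ensure_vmnat_rules() {
    # Outbound: traffic from the domU leaves eth0 with dom0's address.
    ensure_rule -t nat POSTROUTING -s "$DOMU_IP" -o "$EXT_IF" \
        -j SNAT --to "$DOM0_IP"
    # Inbound: dom0 port 2222 is rewritten to domU port 22 ...
    ensure_rule -t nat PREROUTING -p tcp -i "$EXT_IF" -d "$DOM0_IP" \
        --dport 2222 -j DNAT --to "$DOMU_IP:22"
    # ... and the rewritten packets are allowed through FORWARD.
    ensure_rule FORWARD -p tcp -i "$EXT_IF" -d "$DOMU_IP" --dport 22 -j ACCEPT
}

# Only touch the firewall when explicitly asked: sh thisfile apply
if [ "${1:-}" = "apply" ]; then
    ensure_vmnat_rules
fi
```

After applying, `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v` should each show a single copy of the corresponding rule.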
Configure the VM’s network settings to include:
address: 10.0.0.2
netmask: 255.255.255.252
gateway: 10.0.0.1
In Debian’s /etc/network/interfaces:
auto eth0
iface eth0 inet static
    address 10.0.0.2
    netmask 255.255.255.0
    gateway 10.0.0.1
    network 10.0.0.0
    broadcast 10.0.0.255
I also needed to install udev (aptitude install udev) in the domU before an SSH connection would succeed, and I needed to add some extra commands to the /etc/xen/vmnat.cfg:
#
# bugfix for hang during boot
#
extra = 'console=hvc0 xencons=tty'