IP Tables option can be found in the kernel menuconfig configuration under
Networking ---> Networking options ---> [*] Network packet filtering (replaces ipchains) ---> Core Netfilter Configuration ---> <*> Netfilter Xtables support (required for ip_tables)
Networking ---> Networking options ---> [*] Network packet filtering (replaces ipchains) ---> IP: Netfilter Configuration ---> <*> IP tables support (required for filtering/masq/NAT)
Setup the following options in /etc/xen/xend-config.sxp(network-script network-nat)
(vif-script vif-nat)
Check (using ifconfig) that vif1.0 in Dom0 has an IP starting 10.0.0.*
Now edit your VM config file to set private local IP addresses
dhcp = "off"
vif = [ 'ip=10.0.0.1' ] <--the IP I want to assign to my VM
ip="10.0.0.1" <--add the above here again
gateway="10.0.0.128" <-- the internal IP address of my Dom0 vif1.0
netmask="255.255.255.0"
Similarly once you boot the VM you can update the above settings in /etc/network/interfaces file in DomU
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
gateway 10.0.0.128
At this point you should be able to ping Dom0 and nodes on the internet from DomU and DomU from Dom0. However DomU is not accessible from the internet because of its private IP address. To address this we can create a DMZ where Dom0 forwards packets to DomU using IP Table rules. For instance if we have an SSHd service running in DomU, then we can enable port forwarding in Dom0 using
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 22 -j DNAT --to 10.0.0.1:22
A remote user who wants to SSH to DomU will simply give the Public IP of Dom0 while connecting via SSH.
0 comments:
Post a Comment