I have a dedicated box at an ISP that provides me with a base IP for the box and a /29 range. I'm using Xen to create VMs on this box and I wanted to maximize the use of IPs for my hosts.
The default configuration one would use results in 2 IPs being consumed by the Xen host itself.
Let's say I have a default IP of 1.2.3.4 on the main box, and the ISP has issued me 5.6.7.24/29, leaving me with 5.6.7.25-29 as usable IPs. One of the /29 range has to be applied to the base box to serve as a gateway, meaning that one IP is wasted (or you could say even 2 are wasted if you include the 1.2.3.4 address).
I didn't want to lose these 2 valuable IPs, so I used iptables with SNAT/DNAT to make use of all the assigned IPs.
The first steps were simple when I found this page: http://grml.org/xen/, so the bulk of the following code is copied from there.
Using a Debian system, I added the following extra config to my /etc/network/interfaces to make the Xen host listen on my public IPs and perform DNAT/SNAT to private IP addresses:

    auto xenintbr
    iface xenintbr inet static
        pre-up brctl addbr xenintbr
        post-down brctl delbr xenintbr
        address 10.1.1.1
        netmask 255.255.255.0
        bridge_fd 0
        bridge_hello 0
        bridge_stp off

Next, make xend set up the bridge correctly in /etc/xen/xend-config.sxp. This tells xend to attach the guest to the bridge set up above, but instead of using the default network-bridge we simply do routing, and let the iptables SNAT/DNAT rules handle the routing to the outside world:

    (network-script network-route)
    (vif-bridge xenintbr)
    (vif-script vif-bridge)

And in the guest machine, configure the network on the private subnet:

    auto eth0
    iface eth0 inet static
        address 10.1.1.25
        netmask 255.255.255.0
        gateway 10.1.1.1

You can check the status of the iptables rules with:

    iptables -L -vn
    iptables -t nat -L -vn
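The SNAT/DNAT half of this setup, as an added example that is not from the original post or the grml.org page: a POSIX shell function that emits the iptables rules mapping one public address from the /29 onto one guest on xenintbr, plus a default-drop FORWARD policy so only the mapped pairs get forwarded. The WAN interface name eth0, the `ip addr add` step and the 10.1.1.<last octet> guest numbering are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own config. Prints (does not run) the iptables
# commands for 1:1 NAT between a public IP from the /29 and a guest on xenintbr.
# Assumptions: WAN interface eth0, guests numbered 10.1.1.<same last octet>.

# Host-wide setup: enable forwarding and only forward what a later rule allows.
nat_preamble() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# nat_rules PUBLIC_IP PRIVATE_IP [WAN_IF]: rules for one public->guest mapping.
nat_rules() {
    pub="$1"; priv="$2"; wan="${3:-eth0}"
    # Have the host answer for the public IP (needed if the /29 is on-link rather
    # than routed to the base IP by the ISP; harmless otherwise). Assumed step.
    echo "ip addr add $pub/32 dev $wan"
    # Inbound: packets for the public IP are rewritten to the guest before routing.
    echo "iptables -t nat -A PREROUTING -i $wan -d $pub -j DNAT --to-destination $priv"
    # Outbound: the guest's traffic leaves with the public IP as its source.
    echo "iptables -t nat -A POSTROUTING -o $wan -s $priv -j SNAT --to-source $pub"
    # Forward only this pair in either direction; anything else hits the DROP policy.
    echo "iptables -A FORWARD -i $wan -o xenintbr -d $priv -j ACCEPT"
    echo "iptables -A FORWARD -i xenintbr -o $wan -s $priv -j ACCEPT"
}

# nat_rules_for_29 NETWORK [WAN_IF]: map the five usable hosts of a /29
# (network+1 .. network+5) onto 10.1.1.<last octet>, so 5.6.7.25 -> 10.1.1.25
# as in the guest config above.
nat_rules_for_29() {
    net="$1"
    base="${net%.*}"
    last="${net##*.}"
    i=1
    while [ "$i" -le 5 ]; do
        nat_rules "$base.$((last + i))" "10.1.1.$((last + i))" "$2"
        i=$((i + 1))
    done
}

# Review the generated rules first, then pipe them into sh as root to apply:
# nat_preamble; nat_rules_for_29 5.6.7.24 eth0
```

Compare the output against `iptables -t nat -L -vn` afterwards; every guest should show exactly one DNAT and one SNAT counter pair.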
"Xen VM's & NAT Bridging"