The Perfect Xen 3.1.0 Setup For Debian Etch (i386) - Page 7
5.5 Create A Virtual Local Network From The Virtual Machines (Optional)
(This chapter is optional.)
In this chapter I want to create a virtual network with my virtual machines, i.e. a network that is different from the network of dom0.
You can find a drawing of what I want to do here: http://wiki.xensource.com/xenwiki/XenNetworkingUsecase#head-7f23d0f2248cb0c70458f9339b4405e2b1bfc271
I did the same with Xen 2.0.7 here: http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6. However, the way to achieve this with Xen 3 has changed completely. Xen 3 configures all the firewall rules, gateways, etc. automatically. Furthermore, we don't need any dummy network interface anymore for our virtual network. It is important to know that Xen 3 assigns gateways from the 10.x.x.x net to our virtual machines, so it is a good idea to also assign IP addresses from the 10.x.x.x net to our virtual machines. If you give them IP addresses from the 192.168.3.x net (as we did with Xen 2.0.7 on http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6), then your virtual machines will have no access to the internet.
So we will give xen1.example.com the IP address 10.0.0.1 and xen2.example.com the IP address 10.0.0.2.
First we edit /etc/xen/xend-config.sxp and disable bridging and enable NAT (network address translation) instead:
Then we change the IP address in the configuration files of xen1.example.com and xen2.example.com:
Afterwards shut down xen1.example.com and xen2.example.com (if they are running):
xm shutdown xen1.example.com
Wait a few seconds and control with xm list that xen1.example.com and xen2.example.com have shut down. Then reboot the system:
shutdown -r now
If xen1.example.com and xen2.example.com aren't started automatically at boot time, start them now:
xm create /etc/xen/xen1.example.com.cfg
xm create /etc/xen/xen2.example.com.cfg
After both virtual machines have booted, we must log in on xen1.example.com. There we open /etc/network/interfaces and change the IP address (10.0.0.1), the gateway (10.0.0.254), and the netmask (255.0.0.0):
Then we restart the network on xen1.example.com:
Now we do the same on xen2.example.com (this time we set the IP address to 10.0.0.2):
Then we restart the network on xen2.example.com:
Now you should be able to ping xen2.example.com from xen1.example.com and vice versa, and you should also be able to ping dom0 and hosts on the internet!
Now let's assume we have a web server on port 80 on xen1.example.com and a mail server on port 25 on xen2.example.com. As they are in their own network (10.x.x.x), we cannot access them from the outside unless we forward these ports to the appropriate vm. We can create the necessary port forwarding rules on dom0 with the help of iptables:
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 80 -j DNAT --to 10.0.0.1:80
If we connect to dom0 now on port 80, we are forwarded to xen1.example.com. The same goes for port 25 and xen2.example.com.
Of course, the forwarding rules are lost when we reboot dom0. Therefore we put the rules into /etc/network/if-up.d/iptables, which is executed automatically when the system boots:
Now we have to make that script executable:
chmod 755 /etc/network/if-up.d/iptables
Whenever you need additional port forwarding rules, execute them on dom0's shell and then append them to /etc/network/if-up.d/iptables so that they are available even after a reboot.