
Link a NATed Xen DomU to a public IP address

by Pierre-Yves Landuré last modified Nov 11, 2017 09:23

Whereas bridged networking lets you give a DomU its own public IP address, NATed networking lets many DomUs share the same public IP address (provided that the ports they listen on are different). One drawback of NATed networking is that all DomUs have the same public IP address. This guide presents a method for giving a different public IP address to a specific DomU.

This howto has been tested on:

  • Debian 6.0 Squeeze

Parameters

Provide the name of the network interface to link to the DomU:

NET_DEV="eth0:1"

Provide the name of the linked DomU:

DOMU="domu.domain.xen"

Installation

Create the vif-nat script associated with the network interface:

CLEAN_NET_DEV=$(command echo ${NET_DEV} | command tr ':' '-')
command cp -a '/etc/xen/scripts/vif-nat' "/etc/xen/scripts/vif-nat-${CLEAN_NET_DEV}"

Detect the network interface IP address:

NET_IP="$(command ifconfig "${NET_DEV}" \
  | command grep 'inet ' \
  | command sed -e 's/^.*inet [^:]*:\([^ ]*\) .*$/\1/')"

Detect the real name of the network interface (in case ${NET_DEV} is an alias):

REAL_NET_DEV=$(command echo ${NET_DEV} | command sed -e 's/:.*$//')

Update the script to insert the iptables rules specific to the DomU:

command sed -i \
    -e "/proxy_arp/a\\
iptables -t nat -I POSTROUTING -j SNAT -o ${REAL_NET_DEV} --to-source ${NET_IP} -s \${ip}" \
    -e "/ifconfig.*down/a\\
iptables -t nat -D POSTROUTING -j SNAT -o ${REAL_NET_DEV} --to-source ${NET_IP} -s \${ip}" \
"/etc/xen/scripts/vif-nat-${CLEAN_NET_DEV}"

Update the DomU configuration file to use the new script:

CONFIG_FILE="$(command find '/etc/xen' -name "${DOMU}.cfg")"
if [ -e "${CONFIG_FILE}" ]; then
  # Keep a backup of the original configuration before editing it.
  command cp "${CONFIG_FILE}" "${CONFIG_FILE}.orig"
  command sed -i \
    -e "s/script=[^,]*,//g" \
    -e "s/^\(vif[^']*'\)\(.*\)$/\1script=vif-nat-${CLEAN_NET_DEV},\2/" \
    "${CONFIG_FILE}"
fi
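
The sed step that patches the vif-nat copy appends both iptables lines again each time it is run on the same file, which leaves more SNAT rules added at DomU start than are removed at shutdown. The following is an added example, not part of the original guide: it wraps that sed in a guard and checks that the add and delete rules match. The function names are hypothetical, the sample script is a constructed stand-in for the two anchor lines, and 203.0.113.10 is a documentation address.

```shell
# Added example, not from the original guide. Helper names are hypothetical.

# Insert the SNAT add/delete pair into a vif-nat copy, once only. Running the
# guide's sed step twice on the same copy would append both lines again.
patch_vif_nat() {  # usage: patch_vif_nat SCRIPT REAL_NET_DEV NET_IP
  rule="POSTROUTING -j SNAT -o $2 --to-source $3 -s \${ip}"
  # Already patched: leave the file alone.
  grep -q -- '^iptables -t nat -I POSTROUTING -j SNAT ' "$1" && return 0
  sed -i \
    -e "/proxy_arp/a\\
iptables -t nat -I ${rule}" \
    -e "/ifconfig.*down/a\\
iptables -t nat -D ${rule}" \
    "$1"
}

# Succeed only if the script holds exactly one -I rule and a -D rule with the
# same specification, so the rule added at "online" is removed at "offline".
check_vif_nat() {  # usage: check_vif_nat SCRIPT
  ins=$(sed -n 's/^iptables -t nat -I //p' "$1")
  del=$(sed -n 's/^iptables -t nat -D //p' "$1")
  count=$(grep -c -- '^iptables -t nat -I ' "$1" || true)
  [ "${count}" -eq 1 ] && [ "${ins}" = "${del}" ]
}

# Constructed stand-in for the two anchor lines of vif-nat (not the real file).
make_sample() {  # usage: make_sample PATH
  cat > "$1" <<'EOF'
case "$command" in
    online)
        echo 1 >/proc/sys/net/ipv4/conf/${dev}/proxy_arp
        ;;
    offline)
        ifconfig "${dev}" down
        ;;
esac
EOF
}

demo() {
  sample=$(mktemp) && make_sample "${sample}" || return 1
  patch_vif_nat "${sample}" eth0 203.0.113.10
  patch_vif_nat "${sample}" eth0 203.0.113.10   # second run is a no-op
  check_vif_nat "${sample}"; status=$?
  cat "${sample}"; rm -f "${sample}"
  return "${status}"
}
demo
```

On a real host, run check_vif_nat against "/etc/xen/scripts/vif-nat-${CLEAN_NET_DEV}" after the sed step.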

Thanks

  • Thanks to gauthk for his reply to Xen et réseau (fr).
  • Thanks to pasik on ##xen for his help.