Private Guest Network

From Zanecorpwiki


Problem

You've got a host (DOM0) and one or more guests (DOMUs); you want the host to act as a masquerading firewall for the guests. One common situation: you have a limited number of public IPs with which to route, so you want some of your guests to use private IPs.

Assumptions

  • openSUSE 11.1 (or something similar)
  • XEN set up with bridged networking
  • existing bridge (br0) is in the 'external zone'

Solution

Add a private network bridge to the host network setup. Place the new bridge in the internal zone. Set the firewall to masquerade. Connect Xen guests to the new bridge. To be pedantic:

  1. yast -> network devices -> network settings; 'Add', set the type as 'bridge' and assign a static, private network IP (e.g., 192.168.0.1); deselect all 'bridged devices'; the bridge will be connected through the masquerade, not connected to a physical device; by default, this will get bridge #1 and the device name will be br1
  2. yast -> security and users -> firewall; in interfaces, assign 'br1' to 'internal zone'; in 'masquerading' turn masquerading on

Set up your Xen guests normally. (TODO: I have not yet installed a new guest after doing this, not sure if there's an option in the flow to connect to br1; all my existing guests are connected to br0.) After the setup, look at the 'vif' entry in the config file in /etc/xen/vm/<vm name>; you'll see a 'bridge=br0'; change that to 'br1'. Now statically assign your guest an IP in the new private network, e.g., 192.168.0.2. (BTW, it should be straightforward to set up DHCP as well if that makes more sense.)
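
The vif edit described above, as an added example that is not part of the original wiki page: a shell helper that lists the bridges a guest config attaches to and moves the guest from br0 to br1, keeping a .bak copy. It assumes the vif entry sits on a single line; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print each bridge named on a vif= line of a Xen guest config, one per line.
guest_bridges() {
    grep -E '^[[:space:]]*vif[[:space:]]*=' "$1" |
        grep -oE 'bridge=[A-Za-z0-9_.-]+' | cut -d= -f2
}

# Rewrite bridge=<old> to bridge=<new> on vif= lines only, keeping <file>.bak.
# Returns 1 if no vif is attached to <old>, so a mistyped name is not silent.
# Assumes plain bridge names (br0, br1) with no regex metacharacters.
move_guest_bridge() {
    cfg=$1 old=$2 new=$3
    guest_bridges "$cfg" | grep -qx "$old" || return 1
    cp -p "$cfg" "$cfg.bak" || return 1
    sed -E "/^[[:space:]]*vif[[:space:]]*=/ s/bridge=$old([^A-Za-z0-9_.-]|\$)/bridge=$new\1/g" \
        "$cfg.bak" > "$cfg"
}

# Demo on a constructed guest config in a temp directory; prints "br1".
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/guest1" <<'EOF'
name="guest1"
memory=512
# old note: bridge=br0 (comment lines are left untouched)
vif=[ 'mac=00:16:3e:00:00:01,bridge=br0', ]
EOF
    move_guest_bridge "$tmp/guest1" br0 br1 && guest_bridges "$tmp/guest1"
    rm -rf "$tmp"
}

# Usage: sh thisfile '/etc/xen/vm/<vm name>' br0 br1   (no arguments runs the demo)
if [ $# -eq 3 ]; then move_guest_bridge "$@"; else demo; fi
```

Running `guest_bridges` over every file in /etc/xen/vm afterwards shows which guests are still attached to the external bridge.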
