I'm trying to build a Xen system where each domU on the box will offer a different network service, but they'll all appear from the outside to be a single host on my LAN.

I've set up a routed Xen configuration, with the dom0 as a router to a separate IP subnet containing the domU's. My plan was to use a simple Shorewall configuration on dom0 to direct incoming traffic on different ports to different domU's using DNAT.

However, I'm running into trouble with a simple test configuration (with just one domU, running an Apache server). DNAT simply doesn't seem to work at all. When I try to connect to HTTP on the dom0 from elsewhere on my LAN, the connection is not being DNAT'ed to the domU running my Apache server; rather, the HTTP request is being serviced by my dom0 (I'm getting a test page served up by micro-httpd, which I installed on dom0 for testing purposes).

Is there some special trick to getting DNAT to work in dom0 in a routed Xen configuration? Or would I be better off forgetting the whole idea and running Shorewall in another domU, instead of in dom0?

I'm using Ubuntu 7.10, Xen 3.1 (kernel 2.6.22-14-xen), and Shorewall 4.0.6. I've tried both shorewall-perl (4.0.6-3) and shorewall-shell.

I'll post more details of my configuration if necessary, though I'm hoping that my question will turn out to be elementary enough not to require too much detail.

--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
