I've got a CentOS guest and a Windows 2003 server guest running in Xen under CentOS (5.2 in both cases), and they can get out to the network, and I can ping them from dom0. This is my first Xen install, and I haven't used Linux as a router before (I'm very familiar with it as a webserver and development platform) so I'm a bit weak on the bridging code and NAT / IP masquerading. (Amusingly, I was a voting member of IEEE 802.1 and worked on the .d standard for bridging; that was back when it was new, more than a decade ago, and my memories from then may be doing more harm than good now.)
The problem is, I can't originate a connection to either guest from outside.
Dom0 is getting IP 192.168.1.91 (from our enterprise DHCP server), which is a reasonable address. There are two bridges created, xenbr0 and virbr0. Virbr0 has an IP of 192.168.122.1 assigned to it, which evidence suggests did *not* come from our DHCP server. The interfaces for the two guest domains have 192.168.122.185 and .198 assigned, also not from our DHCP server. The IPs plus the behavior (can't connect in, can connect out) make it look very much like NAT has been set up, but I can't find any evidence like a "MASQUERADE" target in the dom0 iptables or anything (I've never run NAT on Linux, I could be looking for the wrong thing in the wrong place).
This setup does not look anything like the "default" bridging config I find documented on various Xen websites (particularly http://wiki.xensource.com/xenwiki/XenNetworking). None of them have "virbr0". I've seen a number of reports that people's working configurations broke when they upgraded to CentOS 5.2, so I'm suspecting that what I'm seeing here is how CentOS 5.2 chooses to package Xen. And hence I'm asking on a CentOS list :-).
I created these guests in virt-manager. I selected the "bridging" network configuration.
Oh, IP forwarding is on in dom0; that was one of the things several places I looked said was an obvious fix for my problem, but it was already on in the default config, and it wasn't helping.
I'm currently not using either VLAN or bonding, though I believe both are in my future. One thing at a time; and if I understand the basics I think I just might be able to take it to the next stage.
This has gotta be simple; I want the most basic bridged configuration, with the guests directly visible to the outside world. Any ideas?