[CentOS-virt] Issues getting Xen NAT networking to work on CentOS 5.3

Mon Apr 27 09:07:12 UTC 2009
Andrew Montgomery-Hurrell <darkliquid at darkliquid.co.uk>

2009/4/15 Andrew Montgomery-Hurrell <darkliquid at darkliquid.co.uk>:
> I've got a virtual network setup going on where I have 3 VMs running
> on a host system which ran fine under CentOS 5.2 but under 5.3
> everything to do with the networking has gone weird.
> I can't seem to access my VMs over the internal virtual network
> interfaces, setting their IPs statically in the VM conf files, for
> some reason the VIFs end up with an IP 127 higher, i.e.
> becomes Ignoring that issue, the main one is that that IP,
> rather than connect to the running VM's network interface instead just
> connects to localhost on the host system. The only way I can access
> the VMs is with 'xm console' which obviously isn't very useful
> considering I need the VMs to host web content. The VMs can
> access the outside world and download things such as updates, etc,
> but the host system can't access them (obviously the outside world
> can't and this is intentional in this case as their interfaces aren't
> exposed externally).
> I've tried this with and without the firewall running and the issue
> persists, so it's definitely not iptables screwing things up. What's
> annoying is that my setup worked perfectly fine in 5.2 but in 5.3 it's
> been nothing but hassle to get working and I'm completely stumped with
> getting this networking issue sorted.
> Anyone have any ideas what might be causing the issue?

Okay, not sure why my old settings didn't work in CentOS 5.3 but I
managed to get things working again with a different iptables setup.

I ran:

iptables -t nat -A POSTROUTING -o eth0 -p tcp --src -j SNAT --to-source ip.of.my.server
iptables -I RH-Firewall-1-INPUT 10 -o eth0 -p tcp --src -j ACCEPT

And that sorted it for my needs. Now my VMs on the virtual network can
initiate connections and receive back data but things outside the host
system can't access the VMs.

Hope that helps anyone suffering similar problems.
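
Added example, not part of the original message: a shell function that checks iptables-save output for the posture the post describes (VM traffic source-NATed out of eth0, nothing forwarded in from outside). The 10.0.0. VM prefix, the 203.0.113.10 address and both sample rule sets are constructed, because the post's own addresses are not shown.

```shell
#!/bin/sh
# Usage: iptables-save | audit_nat <vm-prefix> <external-if>
# <vm-prefix> is a dotted prefix such as "10.0.0." (constructed value).
# Prints one WARN line per finding; returns non-zero if there is any finding.
audit_nat() {
    awk -v pfx="$1" -v ext="$2" '
    /^\*/ { table = substr($0, 2); next }       # table header, e.g. "*nat"
    table != "nat" || $1 != "-A" { next }       # only appended rules in the nat table
    {
        chain = $2; src = ""; out = ""; target = ""; dest = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--src" || $i == "--source") src = $(i + 1)
            else if ($i == "-o") out = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination") dest = $(i + 1)
        }
    }
    # Source NAT should be limited to the VM network and the external interface.
    chain == "POSTROUTING" && (target == "SNAT" || target == "MASQUERADE") {
        if (index(src, pfx) == 1 && out == ext) scoped++
        else { print "WARN unscoped source NAT: " $0; bad++ }
    }
    # A DNAT into the VM network makes a VM reachable from outside the host.
    chain == "PREROUTING" && target == "DNAT" && index(dest, pfx) == 1 {
        print "WARN inbound DNAT exposes a VM: " $0; bad++
    }
    END {
        if (!scoped) { print "WARN no source NAT scoped to " pfx " on " ext; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: the intended posture (outbound SNAT only).
sample_good() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -p tcp -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# Constructed sample: a port forward to a VM plus a catch-all MASQUERADE.
sample_bad() { cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.5:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
```

On a live host the same function can be fed directly: iptables-save | audit_nat <vm-prefix> eth0.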