On Thu, August 21, 2008 10:23, David Dyer-Bennet wrote: > > The problem is, I can't originate a connection to either guest from > outside. Solved my own problem. And found I'd forgotten the choices, so maybe my description didn't fully make sense either. I was indeed running my guests behind NAT, and eventually found that "iptables -t nat -L" would show the MASQUERADE target I believed was there. So I confirmed that I'd ended up, unintentionally, behind NAT. By creating a new guest, I found that the networking choices were not what I had remembered. Clearly my NAT situation came from selecting "virtual networking". When I instead told it to associate the network with a physical device, I got my new guest connected to xenbr0 as I had expected all along. I had tried to change my guests over to connecting to xenbr0 previously, and it turns out I got the syntax slightly wrong -- the two arguments in the config file to vif should have been in a single set of quotes, separated by commas, rather than two separate arguments each quoted. When I had the config file for the new guest that wasn't behind NAT to compare to, that became obvious, and making the change to the config files changed the way they were connected as expected. And so now all three guests, the two old ones and the new one, are externally visible, and get IPs in our normal range from the DHCP server. (Well, actually I've made another change since then, and went in and attached the static internal IPs I'd been assigned to them.) I've still got virbr0 and the NAT setup sitting around vestigially; I haven't looked closely at how to get rid of that. Not important for now, because this is a scratch install (as I said, my first time using Xen), so next time when I do it right I won't have that left over. To recap, and put the search terms closer together for future users, the presence of virbr0 with the IP address 192.168.122.1, and a NAT setup, was a consequence of selecting "virtual networking" for my original Xen guest OSs. Win! Hope this helps somebody in the future. -- David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/ Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ Photos: http://dd-b.net/photography/gallery/ Dragaera: http://dragaera.info