[Firehol-support] Please help with the configuration of Debian 8 and Xen and networking with only one network card and multiple external IP addresses.

Phil Whineray phil at firehol.org
Wed Feb 24 19:44:05 CET 2016


Just to follow up what Costa said.

It seems clear from the Xen docs [1] that you want to create a bridge
which will contain the virtual devices from your guests.

Then, enable forwarding (firehol will do this automatically if you
have a router).

Use dnat to make incoming connections matching particular criteria go
to particular hosts. If using firehol, make sure the natted connections
are allowed in a router between your main ethernet and the bridge.

You should be able to use snat to make connections out of particular
hosts appear on particular IPs but I suggest you start with getting
all the incoming working before doing this.

[1] http://wiki.xenproject.org/wiki/Xen_Networking

On Tue, Feb 23, 2016 at 10:20:16PM +0000, Christian-Josef Schrattenthaler wrote:
> Hi!
> 
> I have a rootserver with only one network card and 4 official (external
> IPs). The server runs under Debian 8. I installed the Xen of the
> distribution. I added the 4 IPs to the network card (like it is described in
> the official Debian documentation). And if I do a checkup and a test,
> everything seems to work fine.
> 
> The idea now is to create a couple of virtual servers under Xen which uses
> internal IP addresses (e.g. 10.0.0.1 - 10.0.0.5). All of the servers should
> be able to connect to the internet (would be cool, if I could decide which
> server uses which external IP address to appeare on the Internet), but only
> a couple of them should accept incoming request. Depending on the external
> IP and the used port I need to forward the request to an internal IP address
> of on of my virtual servers.
> 
> I tried to find the solution myself, but I got stucked. After reading a lot
> of manuals I don't know what would be the right way. I am completely
> confused about all of the possible options. I found nowhere a documentation
> or an Howto for this situation.
> 
> I thought that maybe FireHOL could make my life easier, but I am still stuck
> with a working solution.
> 
> Can someone help me or give me a hint in the right direction please?
> 
> Thanks,
> Christian.
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support


More information about the Firehol-support mailing list