Re: xen networking

[Iain Hibbert <plunky%ogmig.net@localhost>]

On Fri, 5 Jun 2020, Iain Hibbert wrote:

> I have a xen dom0 with external connectivity and wish to set up NAT to 
> allow the domU network access but having a little difficulty with network 
> setup.

In summary, I've followed Gregs basic advice and ended up with a
single bridge for the domU internal network:

+------+---------------------------------------------------+------+
|    [wm0]                                               [wm1]    |
|                        dom0                                     |
|                                                                 |
| 192.168.2.1                                                     |
|   [tap0] = [bridge0] = [xvif1i0] === [xvif2i0] ===== [xvifNi0]  |
+----------------------------+-------------+---------------+------+
                             |             |               |
                       +-----+-----+ +-----+-----+   +-----+-----+
                       | [xennet0] | | [xennet0] |   | [xennet0] |
                       |   domU    | |   domU    |   |   domU    |
                       +-----------+ +-----------+   +-----------+

dom0 gets an external IP address on wm0 with dhcpcd

dom0 provides DHCP and DNS to the internal network with dnsmasq on tap0 
attached to bridge0 and given a fixed IP.

each domU is attached to bridge0, configured with its hostname and gets an 
IP with dhcpcd.

NPF operates a firewall between wm0 and tap0.

In order to map external ports to domUs I had to pin down their IP 
addresses so that they could be used in npf.conf

It has been a learning experience but the network config is concentrated 
now in one place (dom0/etc). It would also be possible I think to define 
the MAC addrs and have dnsmasq hand out the hostnames based on those.

iain