I have installed XenServer on my server at the Hetzner datacenter. I have bought an additional /29 subnet containing 6 usable IP addresses from them.

I want to install more than 10 VMs on this server. All VMs should be able to access the Internet. But only some of them should be visible from the Internet. All VMs should be able to communicate with each other.

I have configured the additional subnet on the XenServer using these instructions. In short, the first usable IP of the subnet is assigned to the xenbr0 interface as an alias (xenbr0:1). Then, the remaining IPs of the subnet can be used on the VMs and the xenbr0:1 IP is used as the gateway on the VMs. This makes these VMs visible from the Internet, publicly accessible. This works fine.

I don't want to assign publicly visible IPs to all my VMs. Moreover, the number of public IPs is limited; I can't assign one to every VM.

How do I configure some VMs with private IPs (maybe 192.168.1.x) such that they can access the Internet, but are not visible from the Internet?

I know about Single Server Private Networks in XenServer. But such a network does not allow the VMs to access the Internet.

Any help would be appreciated. Thanks.

Anjan

1 Answer

Do you have only one NIC?

There are a few possibilities you could try.

Create a bridge connecting all the private VMs together. I have a feeling it needs to be bound to a real device, so you could use a VLAN on the one NIC you have or possibly a NIC alias with no VLAN. Then create a VM that can act as your NAT firewall for that private bridge.

Leave the public side as is.

hookenz
  • Yes, I have only one NIC. I don't fully understand your suggestion. I would appreciate more detailed instructions. I am about to try the suggestion [here](http://www.x83.net/setting-a-local-network-on-xenserver/). Do you think that would work? – Anjan Mar 07 '14 at 08:54
  • If you're using XenCenter you can create another bridge network, I think. I don't have a system here to look at but I know it's possible. I think you tie an IP to it and then assign your private IP VMs to that. Create one VM as a NAT router with both NIC bridges attached and NAT/route between them for internet access... hard to explain but I know it's possible. – hookenz Mar 07 '14 at 09:09
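
The NAT router VM suggested in the answer and comments above could load a ruleset like the one this script generates; this is an added example, not part of the original thread. The interface names eth0 (VIF on the public bridge) and eth1 (VIF on the private bridge) and the subnet 192.168.1.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: ruleset for the NAT router VM (not from the original thread).
# Assumed names: eth0 = VIF on the public bridge (xenbr0),
# eth1 = VIF on the private bridge, 192.168.1.0/24 = private VM subnet.

valid_if() { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'; }
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print an iptables-restore ruleset: masquerade outbound traffic from the
# private subnet, and drop every forwarded packet that is not either
# private->public or a reply to such a connection.
nat_ruleset() {
    pub_if=$1; priv_if=$2; priv_net=$3
    valid_if "$pub_if" && valid_if "$priv_if" && valid_cidr "$priv_net" || {
        echo "usage: nat_ruleset PUB_IF PRIV_IF PRIV_CIDR" >&2
        return 2
    }
    [ "$pub_if" != "$priv_if" ] || { echo "interfaces must differ" >&2; return 2; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $priv_net -o $pub_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $priv_if -o $pub_if -s $priv_net -j ACCEPT
-A FORWARD -i $pub_if -o $priv_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply on the router VM (needs root): enable routing, then load the rules.
apply_nat() {
    rules=$(nat_ruleset "$@") || return
    sysctl -w net.ipv4.ip_forward=1 >/dev/null &&
        printf '%s\n' "$rules" | iptables-restore
}

# Runs only when invoked as: sh nat.sh apply eth0 eth1 192.168.1.0/24
if [ "${1:-}" = "apply" ]; then shift; apply_nat "$@"; fi
```

`iptables-restore` replaces the existing contents of the `nat` and `filter` tables, and the INPUT policy here is left at ACCEPT, so services on the router VM itself still need their own filtering. The private VMs would use the router VM's eth1 address as their default gateway.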