1
To use NAT in domain 0 to give access for other domains:
2
1) Make sure domain 0's kernel contains at least the following options:
3
(other domains don't need this)
6
CONFIG_IP_NF_CONNTRACK=y
8
CONFIG_IP_NF_IPTABLES=y
9
CONFIG_IP_NF_MATCH_STATE=y
12
CONFIG_IP_NF_NAT_NEEDED=y
13
CONFIG_IP_NF_TARGET_MASQUERADE=y
14
CONFIG_IP_NF_NAT_FTP=y
16
2) Run the enable_nat script on domain 0 startup. This will bind
17
169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
18
that the real IP address for eth0 has been set before running the
20
3) Give the other domains IP addresses in 169.254.0.0/16 and a default
21
gateway of 169.254.1.0.
22
4) It should now work. Domains 1 and higher should be able to make
23
outgoing connections through NAT. FTP active or passive should both
24
work thanks to FTP connection tracking