Question

I currently have Xen on a Debian wheezy dom0. I have 6 (public) IPs and I would like to set up 6 VMs (each using one IP).

To keep access to dom0, I'd like dom0 ssh to bind on one IP port (let's say 4444). I don't really know where to start. Any pointers?


Solution

So, I finally came up with a solution that I will detail:

In this example, we have one physical network interface (eth0), 3 IPs and 3 VMs:

  • a.a.a.a (that will be shared by dom0 and one domU called VM_A)
  • b.b.b.b (for one domU VM_B)
  • b.b.b.c (for one domU VM_C)

dom0 /etc/network/interfaces:

auto xenbr0
iface xenbr0 inet static
    bridge_ports eth0
    address a.a.a.a
    netmask 255.255.255.0
    network a.a.a.0
    broadcast a.a.a.255
    gateway a.a.a.254

The default vif script used in /etc/xen/xend-config.sxp will be (vif-script vif-bridge). This is for VM_B and VM_C, which have their own IP.

For the configuration script of VM_B and VM_C (/etc/xen/VM_[BC].cfg) we will have:

vif = [ 'ip=b.b.b.b,mac=XX:XX:XX:XX:XX:XX' ]

For the configuration script of VM_A (/etc/xen/VM_A.cfg) we will have:

vif = [ 'ip=192.168.0.1,script=vif-nat']

We have to add iptables rules in order to make VM_A visible to the Internet:

iptables -t nat -A POSTROUTING -s 192.168.0.1 -o xenbr0  -j MASQUERADE
# One rule for each port that needs to be forwarded to `VM_A`
iptables -t nat -A PREROUTING -p tcp -d a.a.a.a --dport 22 -j DNAT --to 192.168.0.1:22
iptables -t nat -A PREROUTING -p tcp -d a.a.a.a --dport 80 -j DNAT --to 192.168.0.1:80

You also need to enable packet forwarding (/etc/sysctl.conf):

net.ipv4.ip_forward=1
net.ipv4.conf.eth0.proxy_arp=1
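The port-forwarding part of the answer above, as an added example that is not part of the original post: a small shell helper for dom0 that generates the whole nat table for VM_A in iptables-restore format (the MASQUERADE rule plus one DNAT rule per forwarded port) and refuses to forward the port dom0's own sshd listens on, since a DNAT for that port would send the admin's ssh session to VM_A instead of dom0. It assumes dom0 sshd has been moved to port 4444 (the question's value) and uses the answer's placeholder address a.a.a.a, which must be replaced by the real public IP.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the nat table for the
# VM_A setup in iptables-restore format. Values below are placeholders taken
# from the answer; a.a.a.a must be replaced by the real public address.
PUBLIC_IP="a.a.a.a"        # shared by dom0 and VM_A
VM_A_IP="192.168.0.1"      # VM_A behind vif-nat
BRIDGE="xenbr0"
DOM0_MGMT_PORT=4444        # port dom0's own sshd keeps (assumed, from the question)

# Print a complete nat table: MASQUERADE for VM_A's source address only, plus
# one DNAT rule per forwarded TCP port. Returns 1 without printing anything if
# a requested port is dom0's management port, since that DNAT would redirect
# the admin's own ssh session to VM_A and lock dom0 out.
build_nat_rules() {
    for port in "$@"; do
        if [ "$port" = "$DOM0_MGMT_PORT" ]; then
            echo "refusing to forward dom0 management port $port to $VM_A_IP" >&2
            return 1
        fi
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo "-A POSTROUTING -s $VM_A_IP/32 -o $BRIDGE -j MASQUERADE"
    for port in "$@"; do
        echo "-A PREROUTING -p tcp -d $PUBLIC_IP --dport $port -j DNAT --to-destination $VM_A_IP:$port"
    done
    echo "COMMIT"
}

# Apply on dom0 as root: sh nat-rules.sh --apply 22 80
# iptables-restore flushes and rewrites only the tables named in its input
# (here just nat), so re-running the script does not duplicate rules.
if [ "${1:-}" = "--apply" ]; then
    shift
    build_nat_rules "$@" | iptables-restore
fi
```

Run it with --apply after moving dom0's sshd to port 4444, otherwise the DNAT for port 22 is exactly what the helper is guarding against, just one port earlier.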
Licensed under: CC-BY-SA with attribution