Issues with vif-nat and Xen after upgrading from Debian 8 to 10

Question

I'm getting this error when running xl create:

# xl create ../vm-www.rootspirit.com.cfg
Parsing config from ../vm-www.rootspirit.com.cfg
libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: /etc/xen/scripts/vif-nat online [12721] exited with error status 1
libxl: error: libxl_device.c:1286:device_hotplug_child_death_cb: script: /etc/xen/scripts/vif-nat failed; error detected.
libxl: error: libxl_create.c:1520:domcreate_attach_devices: Domain 32:unable to add vif devices

My VIF config looks like this:

vif = [ 'ip=172.16.1.51,mac=11:11:23:44:23:52,script=vif-nat', 'ip=2001:1AF8:3100:A00A:21::2000,mac=43:32:11:23:70:20,script=vif-bridge,bridge=xenbr0' ]

But anything that includes script=vif-nat or script=vif-route fails with the above error.

The package iproute2 and net-tools are installed. Logs don't show anything.

The xl -vvvv command is here.

What am I missing here?

Answer 1

Not sure why the vif-nat script crashes. I have resolved the problem by creating my own internal network.

Dom0:

allow-hotplug xenbr1
auto xenbr1
iface xenbr1 inet static
        address 10.13.37.1
        netmask 255.255.255.0

xen configs:

• Public and LAN DomU: vif = [ 'ip=1.2.3.4,bridge=xenbr0', 'ip=10.13.37.123,bridge=xenbr1' ]
• LAN only DomU: vif = [ 'ip=10.13.37.123,bridge=xenbr1' ]

iptables should be something along the lines of:

iptables -A FORWARD --in-interface xenbr1 -j ACCEPT
iptables --table nat -A POSTROUTING --out-interface xenbr0 -j MASQUERADE

And of course config the static IP in network settings of the DomU.