Hi there, welcome to LQ!
While I do find your post a little confusing, I think I get the idea, at least in part. That said, I have more experience with the "networking" angle than with the VMware/Xen angle, so I'm going to look at this as a networking problem. If you (or someone) determine that this is more of a Virtualization problem, you can use the report button and ask for your thread to be moved to the Virtualization forum.
So... There are a couple of statements in your post that I find conflicting. Assuming just 2 NICs:
1) One NIC connects to a vlan, and the other NIC to a regular network.
2) It should be possible for a desktop on one network, to connect to either NIC on the server
3) Both subnets should operate independently.
So, the above conditions, as far as I can tell, cannot exactly happen; subnets are by nature independent of one another, meaning that by default, traffic doesn't go from one subnet to the other. Read on:
If the two subnets are independent, then it's normal for desktops on one subnet to not be able to ping the other subnet NIC, because they aren't physically connected; if you want this to become possible, traffic needs to be routed from one NIC to the other internally by the server. For this, you'd need to have ip_forward enabled on the server and use iptables to create the necessary routes & network address translations (NATs) for incoming connections on NIC-A to be forwarded to NIC-B. I believe you'd need to use iptables SNAT (Source NAT) and/or DNAT (Destination NAT) to rewrite the source + destination addresses of traffic you want forwarded from one subnet to the other.
So, if you have a desktop machine on 200.200.1.10, you can communicate only with 200.200.1.XXX by default.
If you want to use that desktop machine to (let's say) contact a service listening on 10.1.1.123, then the server needs to rewrite that source address (SNAT) 200.200.1.10 to something like 10.1.1.YYY and forward it along to the 10.1.1.0 subnet, to the listening service at 10.1.1.123. The process gets reversed on the return trip: established traffic coming back from the service at 10.1.1.123 TO 10.1.1.YYY gets un-SNATed, its destination address rewritten to 200.200.1.10, and is forwarded onto the subnet from which it originally came, and returned to the desktop machine.
I'm just trying to explain how traffic gets from one subnet to the other and back again, and I believe that iptables is what you need to get the routing you are looking for. Using iptables can be daunting at first, but there are LOADS of almost ready-to-go iptables (firewall) scripts which can be tailored to specific needs and put in place on a server, to do these network address translations (NAT routing). Now, as mentioned, I'm not familiar with the virtualization aspect, so how that affects this situation, if at all, is beyond my knowledge.
Until someone else comes in here and provides either more clarity/details, or more information, I recommend you have a look at the various documentation here: http://www.netfilter.org/documentation/index.html and at this excellent how-to site here: http://www.bec.at/support/iptables-tutorial/index.html which contains sample scripts and examples of how to do just about everything with iptables.
Best regards,
Sasha
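The SNAT/DNAT forwarding between the two NICs that the reply above describes, written out as the corresponding sysctl and iptables commands. This is an added example, not part of Sasha's post or the thread: the interface names eth0/eth1, the server's own 10.1.1.1 address (the post's 10.1.1.YYY) and the service port 80 are assumptions; the subnets and the 200.200.1.10 -> 10.1.1.123 path come from the post. The function prints the commands rather than executing them, so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the original post): generate the commands that
# let a two-NIC server forward traffic from subnet A to a service on
# subnet B using SNAT (outbound) and DNAT (inbound), with a default-deny
# FORWARD chain. eth0/eth1, 10.1.1.1 and port 80 are assumptions.

nat_rules() {
    nic_a="$1"      # NIC facing the desktop subnet (200.200.1.0/24)
    net_a="$2"
    nic_b="$3"      # NIC facing the service subnet (10.1.1.0/24)
    net_b="$4"
    srv_b="$5"      # service host on subnet B (10.1.1.123 in the post)
    nic_b_ip="$6"   # server's own address on nic_b (the post's 10.1.1.YYY)
    port="$7"       # TCP port of the service exposed through DNAT

    # 1) Allow the kernel to forward packets between interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # 2) Default-deny forwarding; only the explicitly listed traffic and
    #    replies to already-tracked connections may cross the NICs.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # 3) New connections from subnet A to the service on subnet B only
    #    (evaluated after PREROUTING, so the DNAT'd destination matches).
    echo "iptables -A FORWARD -i $nic_a -o $nic_b -s $net_a -d $srv_b -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"

    # 4) SNAT: rewrite the desktop's source address to the server's nic_b
    #    address, so subnet B answers the server; conntrack un-SNATs the
    #    reply back to 200.200.1.x automatically.
    echo "iptables -t nat -A POSTROUTING -o $nic_b -s $net_a -d $net_b -j SNAT --to-source $nic_b_ip"

    # 5) DNAT: connections arriving on nic_a for this port are redirected
    #    to the service host on subnet B.
    echo "iptables -t nat -A PREROUTING -i $nic_a -p tcp --dport $port -j DNAT --to-destination $srv_b:$port"
}

# Review the generated rules, then run them as root (or pipe into sh).
nat_rules eth0 200.200.1.0/24 eth1 10.1.1.0/24 10.1.1.123 10.1.1.1 80
```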