xen-users
[Xen-users] Re: xen breaks iptables
>
> http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html
>
> (the HTML code wrapped the following line, which should be a single line:
> mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x",
> int(rand()*127),
> int(rand()*255), int(rand()*255); }')}
>
> Once you have the network-private set up, you can route and do whatever
> in dom0 you like. veth0 is the adapter to the private network between
> dom0 and domUs, and eth0 (or whatever) is the external.
>
> This script really gets out of your way, so all the configuration of
> forwarding and such can be done outside xen.
I'm trying this script but I can't find a way to access the network from the
domUs. With no iptables rules I can ping the domUs from dom0 and vice versa,
but if I try to NAT the domUs (with the attached script) everyone stops seeing
each other. Any hints?
Thanks,
Francesco
Here's the mini-NAT script; eth0 is the external iface on dom0:
#!/usr/bin/env iptables-restore
# filter table: default-deny for forwarded and inbound traffic, allow everything dom0 sends
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# forward replies to existing connections, plus anything arriving from the private side (veth0)
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i veth0 -j ACCEPT
# dom0 itself only accepts replies to its own connections and loopback traffic
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
# nat table: masquerade everything leaving through the external interface
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users