xen-users
Re: [Xen-users] iptables on guests
I'm trying to apply rules on the guest and they don't work.
Craig Sparks wrote:
 
I'm trying to use iptables on one of the guests.
My chain policy is drop and my rules are
iptables -A INPUT -p icmp -s 0/0 -d 0/0 -j ACCEPT
My default output policy is ACCEPT
Fajar A. Nugraha wrote:
On Mon, Apr 27, 2009 at 9:37 PM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote:

The situation is as follows.
Three machines. All in the same rack to the same switch, 100 MBit links, in
the same datacenter. All eth0 are on the same routable subnet. Two of the
machines are cross-over-cabled to the third machine via the additional ports.
These ports are all on a non-routable subnet of their own, no gateway set. I
want to access the domUs via these extra 1 Gig links for instance for backup
purposes. Going thru the direct cable link would be much faster. So, I need
something to "bridge" from eth1 to eth0 on the source machines. If I add an IP
address from the same subnet as eth1 to eth0:1 and to each of the running
domUs I can access them (I guess by way of broadcasting).
 
No, that won't work. Are you familiar with the difference between
bridge and route?
I believe you have two alternatives:
(1) Setup multiple bridges
For example, br0 for eth0 and br1 for eth1. Then you assign two NICs
to domU, each NIC on different bridge. Think of it like having two
switches: one switch for eth0, another for eth1. In this scenario domU
will be like another dom0 in that it has a "private connection" to
third machine via second NIC.
(2) setup static routing on dom0 and domU.
This way traffic from domU to third machine can go something like this:
domU eth0 -> dom0 xenbr0 -> dom0 eth1 -> third machine eth1.
Note that this does not involve adding extra bridge or another IP
address. You just setup static routes and enable ipv4 forwarding on
dom0.
Regards,
Fajar
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
 