WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] xen-unstable networking


On 27 Mar 2004, at 16:50, Keir Fraser wrote:

However, while packets from the vpn are correctly routed to domains
other than 0, packets from those domains appear directly on the
physical ethernet rather than being routed via domain 0 and down the
vpn tunnel. This does seem to to be working as designed in that the
domain has access to the physical ethernet for addresses which have
been added to its vif, but it would be useful for this situation if the packets could go via domain 0. Is this something which can be done with
the current code?

Yes, it is possible. We do it automatically for 169.254.* addresses
--- see setup_vfr_rules_for_vif() in tools/xenctl/lib/utils.py in the
Xen source repository.

A suitable fix for you is to customise your dom_create script to call
a private copy of setup_vfr_rules_for_vif which routes 192.* addresses
via DOM0 rather than to the physical net interface.

That seems to work fine: this rule gives domain 1 access to the vpn, and with a NAT rule in domain 0, access to the Internet:

ADD ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any

Is there a way to see what the VFR rules currently are? /proc/xen/vfr can be read but returns nothing. Also, is there any way to flush the VFR rules?

Thanks,
Chris.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

<Prev in Thread] Current Thread [Next in Thread>