
Re: [Xen-devel] xen-unstable networking




On 27 Mar 2004, at 16:50, Keir Fraser wrote:

> > However, while packets from the vpn are correctly routed to domains
> > other than 0, packets from those domains appear directly on the
> > physical ethernet rather than being routed via domain 0 and down the
> > vpn tunnel. This does seem to be working as designed in that the
> > domain has access to the physical ethernet for addresses which have
> > been added to its vif, but it would be useful for this situation if
> > the packets could go via domain 0. Is this something which can be
> > done with the current code?
>
> Yes, it is possible. We do it automatically for 169.254.* addresses
> --- see setup_vfr_rules_for_vif() in tools/xenctl/lib/utils.py in the
> Xen source repository.
>
> A suitable fix for you is to customise your dom_create script to call
> a private copy of setup_vfr_rules_for_vif which routes 192.* addresses
> via DOM0 rather than to the physical net interface.

That seems to work fine: this rule gives domain 1 access to the vpn, and with a NAT rule in domain 0, access to the Internet:

ADD ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any

Is there a way to see what the VFR rules currently are? /proc/xen/vfr can be read but returns nothing. Also, is there any way to flush the VFR rules?

Thanks,
Chris.


