[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] xen-unstable networking
On 27 Mar 2004, at 16:50, Keir Fraser wrote: However, while packets from the vpn are correctly routed to domains other than 0, packets from those domains appear directly on the physical ethernet rather than being routed via domain 0 and down the vpn tunnel. This does seem to to be working as designed in that the domain has access to the physical ethernet for addresses which havebeen added to its vif, but it would be useful for this situation if the packets could go via domain 0. Is this something which can be done withthe current code?Yes, it is possible. We do it automatically for 169.254.* addresses --- see setup_vfr_rules_for_vif() in tools/xenctl/lib/utils.py in the Xen source repository. A suitable fix for you is to customise your dom_create script to call a private copy of setup_vfr_rules_for_vif which routes 192.* addresses via DOM0 rather than to the physical net interface. That seems to work fine: this rule gives domain 1 access to the vpn, and with a NAT rule in domain 0, access to the Internet: ADD ACCEPT srcaddr=192.168.101.1 srcaddrmask=255.255.255.255 dst=ANY srcdom=1 srcidx=0 dstdom=0 dstidx=0 proto=any Is there a way to see what the VFR rules currently are? /proc/xen/vfr can be read but returns nothing. Also, is there any way to flush the VFR rules? Thanks, Chris. ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |