Re: [Xen-users] xen breaks iptables
On 11/16/06 07:22, Markus Schiltknecht wrote:
> Hi,
>
> in the Shorewall Xen FAQ at [1] I'm reading the following:
>
> "I know of no case where a user has successfully used NAT (including
> Masquerade) in a bridged Xen Dom0. So if you want to create a
> masquerading firewall/gateway using Xen, you need to do so in a DomU
> (see how I did it) or you must configure Xen to use routing or NAT
> rather than the default bridging."
>
> Why shuffling around the Dom0 interfaces (eth0 -> peth0) at all? Can I
> configure Xen to not do that and just provide me a tap device I can
> route / bridge however I want, like qemu does?

http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html

(the HTML code wrapped the following line, which should be a single line:

mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}

Once you have the network-private set up, you can route and do whatever in dom0 you like. veth0 is the adapter to the private network between dom0 and domUs, and eth0 (or whatever) is the external. This script really gets out of your way, so all the configuration of forwarding and such can be done outside xen.

John

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
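
Added example, not part of the post above or of the network-private script it links to: the dom0 forwarding and masquerading rules that the post says can be configured outside Xen, written as a shell function that prints an iptables-restore ruleset with a default-drop FORWARD policy. The interface names veth0 and eth0 come from the post; the subnet 10.0.0.0/24 and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the post: print an iptables-restore ruleset that
# lets dom0 route and masquerade the private domU network.
# veth0/eth0 are the post's names; 10.0.0.0/24 is a constructed sample subnet.

valid_if() {    # interface name: 1-15 chars from [A-Za-z0-9._-]
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {  # a.b.c.d/len with octets 0-255 and len 0-32
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# usage: dom0_nat_rules PRIVATE_IF EXTERNAL_IF PRIVATE_CIDR
dom0_nat_rules() {
    priv=$1 ext=$2 net=$3
    # Refuse anything that could inject extra rule text into the output.
    valid_if "$priv" && valid_if "$ext" && valid_cidr "$net" || return 1
    [ "$priv" != "$ext" ] || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $ext -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $priv -o $ext -s $net -j ACCEPT
-A FORWARD -i $priv -m limit --limit 6/min -j LOG --log-prefix "domU-fwd-drop: "
COMMIT
EOF
}

dom0_nat_rules veth0 eth0 10.0.0.0/24   # print the ruleset for review
```

Load the output as root with `iptables-restore` (add `--noflush` to keep rules already present in the nat and filter tables), and enable forwarding with `sysctl -w net.ipv4.ip_forward=1`.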