[Xen-users] Re: xen breaks iptables
> > http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html
>
> (the HTML code wrapped the following line, which should be a single line:
> mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}
>
> Once you have the network-private set up, you can route and do whatever
> in dom0 you like. veth0 is the adapter to the private network between
> dom0 and domUs, and eth0 (or whatever) is the external.
>
> This script really gets out of your way, so all the configuration of
> forwarding and such can be done outside xen.

I'm trying this script but I can't find a way to access the network from the domUs.
With no iptables rules I can ping the domUs from dom0 and vice versa, but if I try to NAT the domUs (with the attached script) everyone stops seeing each other.

Any hints?

Thanks,
francesco

Here's the mini-nat script; eth0 is the external iface on dom0:

#!/usr/bin/env iptables-restore
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i veth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
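
Added example, not part of the original post: a simplified Python model of the filter table in the script above, tracing constructed packets to show which rule or chain policy decides each one. The chain and conntrack state assigned to each packet are assumptions for a routed setup in which veth0 is dom0's side of the private network; bridged traffic and the nat table are not modelled.

```python
# Added example: simplified model of the *filter table posted above (-i and --state only).
RULESET = """\
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i veth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""

def parse(text):  # -> ({chain: policy}, {chain: [rule, ...]})
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):
            policies[tok[0][1:]], rules[tok[0][1:]] = tok[1], []
        elif line.startswith("-A"):
            rule = {"target": tok[tok.index("-j") + 1]}
            if "-i" in tok:
                rule["in"] = tok[tok.index("-i") + 1]
            if "--state" in tok:
                rule["states"] = set(tok[tok.index("--state") + 1].split(","))
            rules[tok[1]].append(rule)
    return policies, rules

def verdict(chain, pkt, policies, rules):  # first match wins, else chain policy
    for r in rules[chain]:
        in_ok = "in" not in r or r["in"] == pkt.get("in")
        state_ok = "states" not in r or pkt["state"] in r["states"]
        if in_ok and state_ok:
            return r["target"]
    return policies[chain]

POLICIES, RULES = parse(RULESET)
# Constructed packets; the chain and conntrack state of each are assumed, not measured.
CASES = {
    "domU -> dom0, new": ("INPUT", {"in": "veth0", "state": "NEW"}),
    "domU -> internet, new": ("FORWARD", {"in": "veth0", "state": "NEW"}),
    "internet -> domU, reply": ("FORWARD", {"in": "eth0", "state": "ESTABLISHED"}),
    "internet -> domU, new": ("FORWARD", {"in": "eth0", "state": "NEW"}),
}

def trace():
    return {name: verdict(c, p, POLICIES, RULES) for name, (c, p) in CASES.items()}

if __name__ == "__main__":
    print("\n".join(f"{name}: {result}" for name, result in trace().items()))
```

In this model the only packet from a domU that the filter table drops is a new connection addressed to dom0 itself, because INPUT has no rule for veth0 and falls through to its DROP policy.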