[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] iptables on guests



Im trying to use iptables on one of the guests.

my chain policy is drop and my rules are

iptables -A INPUT -p icmp -s 0/0 -d 0/0 -j ACCEPT

My default output policy is ACCEPT



Fajar A. Nugraha wrote:
On Mon, Apr 27, 2009 at 9:37 PM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote:
The situation is as follows.
Three machines. All in the same rack to the same switch, 100 MBit links, in
the same datacenter. All eth0 are on the same routable subnet. Two of the
machines are cross-over-cabled to the third machine via the additional ports.
These ports are all on a non-routable subnet of their own, no gateway set. I
want to access the domUs via these extra 1 Gig links for instance for backup
purposes. Going thru the direct cable link would be much faster. So, I need
something to "bridge" from eth1 to eth0 on the source machines. If I add an IP
address from the same subnet as eth1 to eth0:1 and to each of the running
domUs I can access them (I guess by way of broadcasting).

No, that won't work. Are you famliar with the difference between
bridge and route?
I believe you have two alternatives :

(1) Setup multiple bridges
For example, br0 for eth0 and br1 for eth1. Then you assign two NICs
to domU, each NIC on different bridge. Think of it like having two
switches: one switch for eth0, another for eth1. In this scenario domU
will be like another dom0 in that it have a "private connection" to
third machine via second NIC.

(2) setup static routing on dom0 and domU.
This way traffic from domU to thrid machine can go something like this:
domU eth0 -> dom0 xenbr0 -> dom0 eth1 -> third machine eth1.
Note that this does not involve adding extra bridge or another IP
address. You just setup static routes and enable ipv4 forwarding on
dom0.

Regards,

Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.