Re: [Xen-users] Issues with Xen and iptables
On Fri, Jan 29, 2010 at 4:29 PM, Rainer Sokoll <rainer@xxxxxxxxxx> wrote:
> So my question is: are there issues with netfilter and Xen (in my case,
> still 3.1)?
>
> Any hint is appreciated,

I don't quite understand what you're trying to achieve (why are you using NAT over vpn?), but here are some general pointers:

- the best practice is to run as few services as possible on dom0. I usually use a dedicated domU if I need a router/firewall.
- having dom0 as firewall can be a little complicated (although possible) when you use the default bridged setup due to device name changes. I usually use OS networking scripts to create bridges. Also be careful about filtering bridged traffic.
- looking at your SNAT example, it might be easier to simply use MASQUERADE. For example, this is what network-manager does when you create an ad-hoc wireless network:

  /sbin/iptables --table nat --insert POSTROUTING --source 10.42.43.0/255.255.255.0 --destination ! 10.42.43.0/255.255.255.0 --jump MASQUERADE

- openvpn works just fine on dom0 or domU. Same setup (choice of tun/tap, bridge setup, etc.) that you'd do on a normal box.

--
Fajar