|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Dom0 domU bridge problem - virtualizing ISC DHCP server
Hello. El 23/07/13 02:09, Jakub Kulesza escribió: I found it more manageable to dedicate a DomU for routing, this way you make sure it does not interfere with Dom0 networking.Well, that server had 200+ iptables rules, the dom0 routes traffic between 5 interfaces. It must have been something I've messed up earlier. What is your suggestion regarding trimming the rules down? Hm. Not much, after a better look. (: I would omit the "/32" postfix, unless it simplify the reading for you.Also was surprised seeing "-m udp". According to iptables man page it's indeed on it¡s place, but my own rules for DHCP does not use it. I specify "-p udp --dport 67" directly. I would expect only "-t filter" rules to be needed, unless there is something very restrictive at the end of "nat" table. does this "--physdev-in vif+" and "--physdev-out vif+" wildcard all vif interfaces? Would this iptables setting allow for ISC DHCP server to work? Yes and yes.My servers complains in the console about --physdev-in and --physdev-out syntax, but I found no solution to fix it and it's still does it's job. My DHCP server is working on DomU with this iptables configuration on Dom0. Instead of ISC DHCP it's dnsmasq, but don't I see why it would not work with any DHCP daemon. Greetings. -- Alexandre Kouznetsov _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |