WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] xen breaks iptables

from [John Lenz] [Permanent Link][Original]
To: Markus Schiltknecht <markus@xxxxxxxxxx>
Subject: Re: [Xen-users] xen breaks iptables
From: John Lenz <jlenz2@xxxxxxxxxxxxx>
Date: Thu, 16 Nov 2006 12:49:24 -0600
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 16 Nov 2006 10:49:54 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <455C6628.9080001@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <455C3E03.6070703@xxxxxxxxxx> <455C6628.9080001@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060922) 
On 11/16/06 07:22, Markus Schiltknecht wrote:
> Hi,
> 
> in the Shorewall Xen FAQ at [1] I'm reading the following:
> 
> "I know of no case where a user has successfully used NAT (including
> Masquerade) in a bridged Xen Dom0. So if you want to create a
> masquerading firewall/gateway using Xen, you need to do so in a DomU
> (see how I did it) or you must configure Xen to use routing  or NAT
> rather than the default bridging."
> 
> Why shuffling around the Dom0 interfaces (eth0 -> peth0) at all? Can I
> configure Xen to not do that and just provide me a tap device I can
> route / bridge however I want, like qemu does?


http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html

(the HTML code wrapped the following line, which should be a single line:
mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x",
int(rand()*127),
int(rand()*255), int(rand()*255); }')}

Once you have the network-private set up, you can route and do whatever
in dom0 you like.  veth0 is the adapter to the private network between
dom0 and domUs, and eth0 (or whatever) is the external.

This script really gets out of your way, so all the configuration of
forwarding and such can be done outside xen.

John


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Full Virtualization Windows XP Network Question, Lutrin Jean
Next by Date:  [Xen-users] Greeter Application Problems, Grodeon, Steve R
Previous by Thread:  Re: [Xen-users] xen breaks iptables, Markus Schiltknecht
Next by Thread:  Re: [Xen-users] VLANs and bridging, Abel Martín
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy