xen-users
Re: [Xen-users] xen breaks iptables
On 11/16/06 07:22, Markus Schiltknecht wrote:
> Hi,
>
> in the Shorewall Xen FAQ at [1] I'm reading the following:
>
> "I know of no case where a user has successfully used NAT (including
> Masquerade) in a bridged Xen Dom0. So if you want to create a
> masquerading firewall/gateway using Xen, you need to do so in a DomU
> (see how I did it) or you must configure Xen to use routing or NAT
> rather than the default bridging."
>
> Why shuffling around the Dom0 interfaces (eth0 -> peth0) at all? Can I
> configure Xen to not do that and just provide me a tap device I can
> route / bridge however I want, like qemu does?
http://lists.xensource.com/archives/html/xen-users/2006-09/msg00925.html
(the HTML code wrapped the following line, which should be a single line:)
mac=${mac:-$(awk 'BEGIN { printf "00:16:3e:%02x:%02x:%02x", int(rand()*127), int(rand()*255), int(rand()*255); }')}
Once you have the network-private set up, you can route and do whatever
in dom0 you like. veth0 is the adapter to the private network between
dom0 and domUs, and eth0 (or whatever) is the external.
This script really gets out of your way, so all the configuration of
forwarding and such can be done outside xen.
John
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users