This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] iptables on guests

Im trying to use iptables on one of the guests.

my chain policy is drop and my rules are

iptables -A INPUT -p icmp -s 0/0 -d 0/0 -j ACCEPT

My default output policy is ACCEPT

Fajar A. Nugraha wrote:
On Mon, Apr 27, 2009 at 9:37 PM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote:
The situation is as follows.
Three machines. All in the same rack to the same switch, 100 MBit links, in
the same datacenter. All eth0 are on the same routable subnet. Two of the
machines are cross-over-cabled to the third machine via the additional ports.
These ports are all on a non-routable subnet of their own, no gateway set. I
want to access the domUs via these extra 1 Gig links for instance for backup
purposes. Going thru the direct cable link would be much faster. So, I need
something to "bridge" from eth1 to eth0 on the source machines. If I add an IP
address from the same subnet as eth1 to eth0:1 and to each of the running
domUs I can access them (I guess by way of broadcasting).

No, that won't work. Are you famliar with the difference between
bridge and route?
I believe you have two alternatives :

(1) Setup multiple bridges
For example, br0 for eth0 and br1 for eth1. Then you assign two NICs
to domU, each NIC on different bridge. Think of it like having two
switches: one switch for eth0, another for eth1. In this scenario domU
will be like another dom0 in that it have a "private connection" to
third machine via second NIC.

(2) setup static routing on dom0 and domU.
This way traffic from domU to thrid machine can go something like this:
domU eth0 -> dom0 xenbr0 -> dom0 eth1 -> third machine eth1.
Note that this does not involve adding extra bridge or another IP
address. You just setup static routes and enable ipv4 forwarding on



Xen-users mailing list

Xen-users mailing list