ia64/xen-unstable

view tools/examples/network-nat @ 16739:33dcf04d7715

tools/docs: Fix example and default IP addresses.

In various places in documentation and code, IP addresses are provided
as examples, defaults, or dummy configuration. In general the
specific IP addresses used in Xen are not always appropriate. (For
example, 1.2.3.4 is used in a few places!)

The following addresses should be used:
* For examples and documentation, 192.0.2.0/24. (See RFC3330.)
* For defaults for private networks, a random network from RFC1918.
I have randomly selected 172.30.206.0/24 for this purpose and
documented this at the only registry I know of,
www.ucam.org/cam-grin. This network should henceforth be used for
default configurations of local bridges, test networks, etc. in
Xen tools.

The following addresses should NOT be used:
* 10.0.*.*, 10.1.*.*, 192.168.0.*, 192.168.1.*, etc. Using these
addresses gives greatly increased likelihood of collision, as
ignorant network administrators and reckless middlebox vendors
often pick networks from the bottom of 10/8 and 192.168/16.
* 169.254.*.*. These are reserved for zeroconf (ad-hoc networking)
and should not be used for Xen private networks, bridges, etc.,
etc. Use of these addresses by Xen scripts causes trouble on hosts
(e.g. laptops) which find themselves in ad-hoc networking
environments. I think this is not hypothetical (!) since at least
one Linux distribution has specific code to detect this case and
cause Xen startup to fail iff the host already has an external
zeroconf address.
* 1.2.3.4. WTF !?

I have also used 127.0.255.255 in one place where apparently a dummy
address is needed (some Linux kernels won't accept a lack of an NFS
server address). If 127.0.255.255 is mistakenly used it is unlikely
to do any damage to real traffic even if it does escape into the
network at large.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Jan 17 15:13:40 2008 +0000 (2008-01-17)
parents b071319927b6
children 4a6282589b90
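The commit message above sets a policy for which IPv4 ranges belong in examples and defaults. The checker below is added here as an illustration and is not part of the Xen tree: it encodes that policy as an ordered table over Python's ipaddress module and scans text for bare dotted quads; the POLICY entries, verdict names and the SAMPLE input are constructed for this example, and 10.0.*.*/10.1.*.* and 192.168.0.*/192.168.1.* are written as the equivalent /15 and /23 prefixes.

```python
import ipaddress
import re

# The commit's address policy, checked in order (constructed here, not Xen code).
POLICY = [
    ("ok", "192.0.2.0/24", "RFC 3330 TEST-NET: right for examples and docs"),
    ("ok", "172.30.206.0/24", "agreed RFC 1918 default for Xen bridges and test nets"),
    ("ok", "127.0.255.255/32", "harmless dummy address that stays on loopback"),
    ("forbidden", "10.0.0.0/15", "10.0.*.* and 10.1.*.*: collision-prone bottom of 10/8"),
    ("forbidden", "192.168.0.0/23", "192.168.0.* and .1.*: collision-prone bottom of 192.168/16"),
    ("forbidden", "169.254.0.0/16", "zeroconf/link-local: breaks hosts on ad-hoc networks"),
    ("forbidden", "1.2.3.4/32", "1.2.3.4: a real routable address, not a reserved example range"),
    ("warn", "10.0.0.0/8", "RFC 1918 but not the agreed default 172.30.206.0/24"),
    ("warn", "172.16.0.0/12", "RFC 1918 but not the agreed default 172.30.206.0/24"),
    ("warn", "192.168.0.0/16", "RFC 1918 but not the agreed default 172.30.206.0/24"),
]
POLICY = [(verdict, ipaddress.ip_network(cidr), why) for verdict, cidr, why in POLICY]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")  # bare dotted quads

def classify(token):
    """Return (verdict, reason) for one dotted quad under the policy above."""
    try:  # a contiguous netmask or hostmask parses as a prefix: 255.255.255.0 -> /24
        ipaddress.ip_network(f"0.0.0.0/{token}")
        return "skip", "netmask or hostmask, not an address"
    except ValueError:
        ip = ipaddress.ip_address(token)  # still raises ValueError for junk like 300.1.1.1
    for verdict, net, why in POLICY:
        if ip in net:
            return verdict, why
    return "warn", "public address used as an example or default"

def lint(text):
    """Scan script/config text; return [(line_no, token, verdict, reason), ...]."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in IPV4_RE.findall(line):
            try:
                findings.append((lineno, token) + classify(token))
            except ValueError:
                pass  # not a parseable IPv4 address, so nothing to judge
    return findings

SAMPLE = """\
subnet 192.0.2.0 netmask 255.255.255.0 {}
bridge_ip=10.0.0.1
gateway=192.168.1.254
fallback=169.254.1.1
nfsroot=1.2.3.4:/export
lab=172.16.5.9
"""
```

Running lint(SAMPLE) flags lines 2 to 5 as forbidden, accepts the TEST-NET subnet on line 1 while skipping its netmask, and warns on line 6 because 172.16.5.9 is RFC 1918 space but not the agreed default.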
line source
#!/bin/bash
#============================================================================
# Default Xen network start/stop script when using NAT.
# Xend calls a network script when it starts.
# The script name to use is defined in /etc/xen/xend-config.sxp
# in the network-script field.
#
# Usage:
#
# network-nat (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# netdev     The gateway interface (default eth0).
# antispoof  Whether to use iptables to prevent spoofing (default no).
# dhcp       Whether to alter the local DHCP configuration (default no).
#
#============================================================================

dir=$(dirname "$0")
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"

findCommand "$@"
evalVariables "$@"

netdev=${netdev:-eth0}
# antispoofing not yet implemented
antispoof=${antispoof:-no}
dhcp=${dhcp:-no}

if [ "$dhcp" != 'no' ]
then
  dhcpd_conf_file=$(find_dhcpd_conf_file)
  dhcpd_init_file=$(find_dhcpd_init_file)
  if [ -z "$dhcpd_conf_file" ] || [ -z "$dhcpd_init_file" ]
  then
    echo 'Failed to find dhcpd configuration or init file.' >&2
    exit 1
  fi
fi


# Add the guest subnet (RFC 3330 TEST-NET, per this commit) to dhcpd's
# configuration if it is not already there, then restart dhcpd.
function dhcp_start()
{
  if ! grep -q "subnet 192.0.2.0" "$dhcpd_conf_file"
  then
    echo >>"$dhcpd_conf_file" "subnet 192.0.2.0 netmask 255.255.255.0 {}"
  fi

  "$dhcpd_init_file" restart
}


# Remove the guest subnet again; the config file is only replaced when
# the filtered copy actually differs from it.
function dhcp_stop()
{
  local tmpfile=$(mktemp)
  grep -v "subnet 192.0.2.0" "$dhcpd_conf_file" >"$tmpfile"
  if diff "$tmpfile" "$dhcpd_conf_file" >&/dev/null
  then
    rm "$tmpfile"
  else
    mv "$tmpfile" "$dhcpd_conf_file"
  fi

  "$dhcpd_init_file" restart
}


# Enable IPv4 forwarding and masquerade guest traffic leaving via $netdev.
op_start() {
  echo 1 >/proc/sys/net/ipv4/ip_forward
  iptables -t nat -A POSTROUTING -o ${netdev} -j MASQUERADE
  [ "$dhcp" != 'no' ] && dhcp_start
}


# Undo op_start (forwarding is left enabled).
op_stop() {
  [ "$dhcp" != 'no' ] && dhcp_stop
  iptables -t nat -D POSTROUTING -o ${netdev} -j MASQUERADE
}


show_status() {
  echo '============================================================'
  ifconfig
  echo ' '
  ip route list
  echo ' '
  route -n
  echo '============================================================'

}

case "$command" in
  start)
    op_start
    ;;

  stop)
    op_stop
    ;;

  status)
    show_status
    ;;

  *)
    echo "Unknown command: $command" >&2
    echo 'Valid commands are: start, stop, status' >&2
    exit 1
esac