ia64/xen-unstable
changeset 732:63f8f6b56437
bitkeeper revision 1.433.1.1 (3f69af3bKFwfP85Q4qGIyuQAHKdb6w)
xen_read_console and xen_nat_enable fixes
xen_read_console and xen_nat_enable fixes
author | iap10@labyrinth.cl.cam.ac.uk |
---|---|
date | Thu Sep 18 13:12:27 2003 +0000 (2003-09-18) |
parents | 5dab2fb654cd |
children | 7192aa19b83c |
files | .rootkeys tools/misc/xen_enable_nat tools/misc/xen_enable_nat.README tools/misc/xen_nat_enable tools/misc/xen_nat_enable.README tools/misc/xen_read_console.c |
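--- a/.rootkeys Thu Sep 18 11:27:03 2003 +0000
+++ b/.rootkeys Thu Sep 18 13:12:27 2003 +0000
@@ -144,8 +144,8 @@ 3eb781fd7211MZsLxJSiuy7W4KnJXg tools/int
 3f1668d4-FUY6Enc7MB3GcwUtfJ5HA tools/misc/mkdevnodes
 3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone
 3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README
-3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_enable_nat
-3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_enable_nat.README
+3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_nat_enable
+3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_nat_enable.README
 3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/xen_read_console.c
 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile
 3f5ef5a2Qtt8AshYs-KXFFNhKALeIg xen/README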
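--- a/tools/misc/xen_enable_nat Thu Sep 18 11:27:03 2003 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-run_iptables() {
- if ! iptables $@ ; then
- echo "iptables returned error; have you built netfilter?"; exit 1
- fi
-}
-
-ifconfig eth0:0 169.254.1.0 up
-run_iptables -t filter -F
-run_iptables -t nat -F
-run_iptables -t filter -X
-run_iptables -t nat -X
-run_iptables -t filter -P FORWARD DROP
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
-echo 1 > /proc/sys/net/ipv4/ip_forward
-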
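--- a/tools/misc/xen_enable_nat.README Thu Sep 18 11:27:03 2003 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-To use NAT in domain 0 to give access for other domains:
-1) Make sure domain 0's kernel contains at least the following options:
- (other domains don't need this)
-
-CONFIG_NETFILTER=y
-CONFIG_IP_NF_CONNTRACK=y
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_STATE=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_NAT_FTP=y
-
-2) Run the enable_nat script on domain 0 startup. This will bind
- 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
- that the real IP address for eth0 has been set before running the
- script.
-3) Give the other domains IP addresses in 169.254.0.0/16 and a default
- gateway of 169.254.1.0.
-4) It should now work. Domains 1 and higher should be able to make
- outgoing connections through NAT. FTP active or passive should both
- work thanks to FTP connection tracking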
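--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/misc/xen_nat_enable Thu Sep 18 13:12:27 2003 +0000
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+run_iptables() {
+ if ! iptables $@ ; then
+ echo "iptables returned error; have you built netfilter?"; exit 1
+ fi
+}
+
+ifconfig eth0:0 169.254.1.0 up
+run_iptables -t filter -F
+run_iptables -t nat -F
+run_iptables -t filter -X
+run_iptables -t nat -X
+run_iptables -t filter -P FORWARD DROP
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+#set up some port redirects for ssh
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2201 -j DNAT --to 169.254.1.1:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2202 -j DNAT --to 169.254.1.2:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2203 -j DNAT --to 169.254.1.3:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2204 -j DNAT --to 169.254.1.4:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2205 -j DNAT --to 169.254.1.5:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2206 -j DNAT --to 169.254.1.6:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2207 -j DNAT --to 169.254.1.7:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2208 -j DNAT --to 169.254.1.8:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2209 -j DNAT --to 169.254.1.9:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2210 -j DNAT --to 169.254.1.10:22
+
+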
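Review bot: Adding `NEW` to the `-d 169.254.0.0/16` FORWARD rule accepts new inbound connections to every port on every guest address, which is far wider than the ten ssh redirects added at the end of the script. The old `--state ESTABLISHED,RELATED` match could stay as it was, with a separate narrow rule for the redirected traffic, e.g. `run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.1.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT` (or one rule per DNAT target). A comment above the PREROUTING block should state that ports 2201-2210 on domain 0 are exposed to whatever can reach eth0, so guest sshd hardening matters. Separately, `iptables $@` in `run_iptables` should be `iptables "$@"` so arguments are not re-split.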
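--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/misc/xen_nat_enable.README Thu Sep 18 13:12:27 2003 +0000
@@ -0,0 +1,24 @@
+To use NAT in domain 0 to give access for other domains:
+1) Make sure domain 0's kernel contains at least the following options:
+ (other domains don't need this)
+
+CONFIG_NETFILTER=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_NAT_FTP=y
+
+2) Run the enable_nat script on domain 0 startup. This will bind
+ 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
+ that the real IP address for eth0 has been set before running the
+ script.
+3) Give the other domains IP addresses in 169.254.0.0/16 and a default
+ gateway of 169.254.1.0.
+4) It should now work. Domains 1 and higher should be able to make
+ outgoing connections through NAT. FTP active or passive should both
+ work thanks to FTP connection tracking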
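--- a/tools/misc/xen_read_console.c Thu Sep 18 11:27:03 2003 +0000
+++ b/tools/misc/xen_read_console.c Thu Sep 18 13:12:27 2003 +0000
@@ -45,7 +45,7 @@ int main(void)
 if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
 buf[len] = '\0';
 
- printf("%s", buf);
+ printf("[%d] %s", ntohs(from.sin_port),buf);
 
 fromlen = sizeof(from);
 }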
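Review bot: The new `[%d]` prefix is written once per datagram while the payload is printed raw with `%s`, so a payload containing an embedded newline followed by text shaped like `[port] ...` yields output lines that appear to come from a different sender. Terminal control bytes in the payload also pass straight through to whoever is watching the console. Before the `printf`, replace non-printable bytes in the payload, e.g. `if (!isprint((unsigned char)buf[i])) buf[i] = '?';` over all but the final newline, and add a comment that the source port is taken from the packet and is not an authenticated domain identity. The body of `main` starts outside this hunk, so whether `len` is checked for `<= 0` or for the full buffer size before `buf[len-1]` and `buf[len] = '\n'` cannot be confirmed from here; both guards are worth verifying.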