ia64/xen-unstable

changeset 732:63f8f6b56437

bitkeeper revision 1.433.1.1 (3f69af3bKFwfP85Q4qGIyuQAHKdb6w)

xen_read_console and xen_nat_enable fixes
author iap10@labyrinth.cl.cam.ac.uk
date Thu Sep 18 13:12:27 2003 +0000 (2003-09-18)
parents 5dab2fb654cd
children 7192aa19b83c
files .rootkeys tools/misc/xen_enable_nat tools/misc/xen_enable_nat.README tools/misc/xen_nat_enable tools/misc/xen_nat_enable.README tools/misc/xen_read_console.c
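--- a/.rootkeys
+++ b/.rootkeys
@@ -144,8 +144,8 @@ 3eb781fd7211MZsLxJSiuy7W4KnJXg tools/int
 3f1668d4-FUY6Enc7MB3GcwUtfJ5HA tools/misc/mkdevnodes
 3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone
 3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README
-3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_enable_nat
-3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_enable_nat.README
+3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_nat_enable
+3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_nat_enable.README
 3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/xen_read_console.c
 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile
 3f5ef5a2Qtt8AshYs-KXFFNhKALeIg xen/README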
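--- a/tools/misc/xen_enable_nat
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-run_iptables() {
-    if ! iptables $@ ; then
-	echo "iptables returned error; have you built netfilter?"; exit 1
-    fi
-}
-
-ifconfig eth0:0 169.254.1.0 up
-run_iptables -t filter -F
-run_iptables -t nat -F
-run_iptables -t filter -X
-run_iptables -t nat -X
-run_iptables -t filter -P FORWARD DROP
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
-echo 1 > /proc/sys/net/ipv4/ip_forward
-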
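--- a/tools/misc/xen_enable_nat.README
+++ /dev/null
@@ -1,24 +0,0 @@
-To use NAT in domain 0 to give access for other domains:
-1) Make sure domain 0's kernel contains at least the following options:
-   (other domains don't need this)
-
-CONFIG_NETFILTER=y
-CONFIG_IP_NF_CONNTRACK=y
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_STATE=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_NAT_FTP=y
-
-2) Run the enable_nat script on domain 0 startup. This will bind
-   169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
-   that the real IP address for eth0 has been set before running the
-   script.
-3) Give the other domains IP addresses in 169.254.0.0/16 and a default
-   gateway of 169.254.1.0.
-4) It should now work. Domains 1 and higher should be able to make
-   outgoing connections through NAT. FTP active or passive should both
-   work thanks to FTP connection tracking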
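--- /dev/null
+++ b/tools/misc/xen_nat_enable
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+run_iptables() {
+    if ! iptables $@ ; then
+	echo "iptables returned error; have you built netfilter?"; exit 1
+    fi
+}
+
+ifconfig eth0:0 169.254.1.0 up
+run_iptables -t filter -F
+run_iptables -t nat -F
+run_iptables -t filter -X
+run_iptables -t nat -X
+run_iptables -t filter -P FORWARD DROP
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+#set up some port redirects for ssh
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2201 -j DNAT --to 169.254.1.1:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2202 -j DNAT --to 169.254.1.2:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2203 -j DNAT --to 169.254.1.3:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2204 -j DNAT --to 169.254.1.4:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2205 -j DNAT --to 169.254.1.5:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2206 -j DNAT --to 169.254.1.6:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2207 -j DNAT --to 169.254.1.7:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2208 -j DNAT --to 169.254.1.8:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2209 -j DNAT --to 169.254.1.9:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2210 -j DNAT --to 169.254.1.10:22
+
+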
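Review bot: Adding `NEW` to the inbound FORWARD rule (`-d 169.254.0.0/16 -m state --state NEW,ESTABLISHED,RELATED`) accepts every new connection routed to a guest address through eth0, not only the ten SSH redirects added below it, so the stateful filter no longer restricts inbound traffic in any meaningful way. Keep that rule at `ESTABLISHED,RELATED` and add a narrow one for the redirects, e.g. `run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -p tcp --dport 22 -m state --state NEW -j ACCEPT`. The PREROUTING rules also publish each guest's sshd on domain 0's external interface with no source restriction; a comment saying so, or a `-s` match for the management network, would make that exposure deliberate. Separately, `iptables $@` in run_iptables should be `iptables "$@"` so arguments are not re-split.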
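--- /dev/null
+++ b/tools/misc/xen_nat_enable.README
@@ -0,0 +1,24 @@
+To use NAT in domain 0 to give access for other domains:
+1) Make sure domain 0's kernel contains at least the following options:
+   (other domains don't need this)
+
+CONFIG_NETFILTER=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_NAT_FTP=y
+
+2) Run the enable_nat script on domain 0 startup. This will bind
+   169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
+   that the real IP address for eth0 has been set before running the
+   script.
+3) Give the other domains IP addresses in 169.254.0.0/16 and a default
+   gateway of 169.254.1.0.
+4) It should now work. Domains 1 and higher should be able to make
+   outgoing connections through NAT. FTP active or passive should both
+   work thanks to FTP connection tracking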
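--- a/tools/misc/xen_read_console.c
+++ b/tools/misc/xen_read_console.c
@@ -45,7 +45,7 @@ int main(void)
         if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
         buf[len] = '\0';
 
-        printf("%s", buf);
+        printf("[%d] %s", ntohs(from.sin_port),buf);
 
         fromlen = sizeof(from);
     }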
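Review bot: The new `printf` relies on the two context lines above it having terminated `buf`, and those lines read `buf[len-1]` and then write `buf[len]` and possibly `buf[len+1]` with no bound visible in this hunk. The receive call that sets `len` is outside the hunk, so confirm it passes at most `sizeof(buf) - 2` and that `len <= 0` never reaches this point; if it can, change the test to `if ( len > 0 && buf[len-1] != '\n' )` and shrink the receive length. The `[port]` tag comes from the datagram's source port, which the sender chooses, so it labels the output but does not authenticate which domain wrote it; printing `inet_ntoa(from.sin_addr)` alongside would make the label more useful.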