debuggers.hg
changeset 674:062359854730
bitkeeper revision 1.354 (3f13d8252JsqB0RyzDgBRPMkQeGSYw)
Merge labyrinth.cl.cam.ac.uk:/auto/groups/xeno/BK/xeno.bk
into labyrinth.cl.cam.ac.uk:/auto/groups/xeno/users/rac61/xeno.bk
author | rac61@labyrinth.cl.cam.ac.uk |
---|---|
date | Tue Jul 15 10:32:05 2003 +0000 (2003-07-15) |
parents | 2e36bfa1978c 8463f8865ddc |
children | 9e2f11b00e2f |
files | .rootkeys tools/misc/enable_nat tools/misc/enable_nat.README |
1.1 --- a/.rootkeys Tue Jul 15 09:22:29 2003 +0000 1.2 +++ b/.rootkeys Tue Jul 15 10:32:05 2003 +0000 1.3 @@ -138,6 +138,8 @@ 3eb781fd8oRfPgH7qTh7xvgmwD6NgA tools/int 1.4 3eb781fd0Eo9K1jEFCSAVzO51i_ngg tools/internal/xi_stop.c 1.5 3f108ae2to5nHRRXfvUK7oxgjcW_yA tools/internal/xi_usage.c 1.6 3eb781fd7211MZsLxJSiuy7W4KnJXg tools/internal/xi_vifinit 1.7 +3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/enable_nat 1.8 +3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/enable_nat.README 1.9 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile 1.10 3ddb79bcCa2VbsMp7mWKlhgwLQUQGA xen/README 1.11 3ddb79bcWnTwYsQRWl_PaneJfa6p0w xen/Rules.mk
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/tools/misc/enable_nat Tue Jul 15 10:32:05 2003 +0000 2.3 @@ -0,0 +1,20 @@ 2.4 +#!/bin/sh 2.5 + 2.6 +run_iptables() { 2.7 + if ! iptables $@ ; then 2.8 + echo "iptables returned error; have you built netfilter?"; exit 1 2.9 + fi 2.10 +} 2.11 + 2.12 +ifconfig eth0:0 169.254.1.0 up 2.13 +run_iptables -t filter -F 2.14 +run_iptables -t nat -F 2.15 +run_iptables -t filter -X 2.16 +run_iptables -t nat -X 2.17 +run_iptables -t filter -P FORWARD DROP 2.18 +run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT 2.19 +run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT 2.20 +run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN 2.21 +run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE 2.22 +echo 1 > /proc/sys/net/ipv4/ip_forward 2.23 +
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/tools/misc/enable_nat.README Tue Jul 15 10:32:05 2003 +0000 3.3 @@ -0,0 +1,24 @@ 3.4 +To use NAT in domain 0 to give access for other domains: 3.5 +1) Make sure domain 0's kernel contains at least the following options: 3.6 + (other domains don't need this) 3.7 + 3.8 +CONFIG_NETFILTER=y 3.9 +CONFIG_IP_NF_CONNTRACK=y 3.10 +CONFIG_IP_NF_FTP=y 3.11 +CONFIG_IP_NF_IPTABLES=y 3.12 +CONFIG_IP_NF_MATCH_STATE=y 3.13 +CONFIG_IP_NF_FILTER=y 3.14 +CONFIG_IP_NF_NAT=y 3.15 +CONFIG_IP_NF_NAT_NEEDED=y 3.16 +CONFIG_IP_NF_TARGET_MASQUERADE=y 3.17 +CONFIG_IP_NF_NAT_FTP=y 3.18 + 3.19 +2) Run the enable_nat script on domain 0 startup. This will bind 3.20 + 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure 3.21 + that the real IP address for eth0 has been set before running the 3.22 + script. 3.23 +3) Give the other domains IP addresses in 169.254.0.0/16 and a default 3.24 + gateway of 169.254.1.0. 3.25 +4) It should now work. Domains 1 and higher should be able to make 3.26 + outgoing connections through NAT. FTP active or passive should both 3.27 + work thanks to FTP connection tracking
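Review bot: in tools/misc/enable_nat, the four flush lines (`run_iptables -t filter -F`, `-t nat -F`, and the matching `-X` calls) name no chain, so they delete every rule and user-defined chain in domain 0's filter and nat tables, not only the ones this script owns. Any firewall policy already loaded on domain 0 is discarded, and afterwards only FORWARD is given a DROP policy while INPUT and OUTPUT are left untouched. Suggest limiting the flush to FORWARD and nat POSTROUTING, or putting the NAT rules in a dedicated chain. In the same hunk, `iptables $@` in run_iptables should be `iptables "$@"` so arguments are passed through without re-splitting, and the exit status of `ifconfig eth0:0 169.254.1.0 up` is not checked, so the rules are installed even when the alias address failed to come up.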
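Review bot: step 2 of tools/misc/enable_nat.README says the script will "set up iptables for NAT" but does not say that it first flushes the filter and nat tables, which an administrator with existing rules on domain 0 needs to know before running it at startup. Suggest adding a sentence to step 2 stating that existing filter and nat rules are replaced, and that the script assumes the interface is eth0, since that name is hard-coded in every rule. The last sentence of step 4 is also missing its full stop.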