[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] iptables on guests
Im trying to use iptables on one of the guests. my chain policy is drop and my rules are iptables -A INPUT -p icmp -s 0/0 -d 0/0 -j ACCEPT My default output policy is ACCEPT Fajar A. Nugraha wrote: On Mon, Apr 27, 2009 at 9:37 PM, Kai Schaetzl <maillists@xxxxxxxxxxxxx> wrote:The situation is as follows. Three machines. All in the same rack to the same switch, 100 MBit links, in the same datacenter. All eth0 are on the same routable subnet. Two of the machines are cross-over-cabled to the third machine via the additional ports. These ports are all on a non-routable subnet of their own, no gateway set. I want to access the domUs via these extra 1 Gig links for instance for backup purposes. Going thru the direct cable link would be much faster. So, I need something to "bridge" from eth1 to eth0 on the source machines. If I add an IP address from the same subnet as eth1 to eth0:1 and to each of the running domUs I can access them (I guess by way of broadcasting).No, that won't work. Are you famliar with the difference between bridge and route? I believe you have two alternatives : (1) Setup multiple bridges For example, br0 for eth0 and br1 for eth1. Then you assign two NICs to domU, each NIC on different bridge. Think of it like having two switches: one switch for eth0, another for eth1. In this scenario domU will be like another dom0 in that it have a "private connection" to third machine via second NIC. (2) setup static routing on dom0 and domU. This way traffic from domU to thrid machine can go something like this: domU eth0 -> dom0 xenbr0 -> dom0 eth1 -> third machine eth1. Note that this does not involve adding extra bridge or another IP address. You just setup static routes and enable ipv4 forwarding on dom0. Regards, Fajar _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |