* Re: how to setup NAT for domU?
2005-01-26 11:35 ` Grzegorz Milos
@ 2005-01-27 13:11 ` Grzegorz Milos
2005-01-27 16:09 ` Andrew Theurer
1 sibling, 0 replies; 6+ messages in thread
From: Grzegorz Milos @ 2005-01-27 13:11 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1: Type: text/plain, Size: 1234 bytes --]
For those who prefer patching instead of copying the files from the archive, the
patchfile is attached to the email.
Cheers
Gregor
> I've created scripts to do that. Should they be included in the
> repositories (Ian, Keir)?
> Here they are again.
>
> (configure your xend-config.sxp to use them instead of the default ones,
> place them at /etc/xen/scripts)
>
> Cheers
> Gregor
>
> > hello,
> >
> > I want my domU to use NAT, so it can access the internet with private
> > IP address, but don't know how to do that. I looked at the Xen user
> > manual, but it doesn't mention the solution for this problem either.
> >
> > Thank you a lot,
> > AQ
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> > Tool for open source databases. Create drag-&-drop reports. Save time
> > by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> > Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel
--
Quidquid latine dictum sit, altum viditur --- Anon
[-- Attachment #2: nat-patch --]
[-- Type: text/x-diff, Size: 9516 bytes --]
diff -Nru a/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig b/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig
--- a/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig 2005-01-23 13:28:24 +00:00
+++ b/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig 2005-01-27 11:48:16 +00:00
@@ -501,7 +501,7 @@
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_LIMIT is not set
-# CONFIG_IP_NF_MATCH_IPRANGE is not set
+CONFIG_IP_NF_MATCH_IPRANGE=m
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
# CONFIG_IP_NF_MATCH_MARK is not set
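Review bot: CONFIG_IP_NF_MATCH_IPRANGE=m is switched on in this hunk, but neither network-nat nor vif-nat later in the patch uses an iprange match (the only iptables rule that is added is the MASQUERADE one). Either drop this option from the defconfig change or state in the patch description what needs it, so dom0 does not carry a netfilter module with no user.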
@@ -524,11 +524,20 @@
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
-# CONFIG_IP_NF_FILTER is not set
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
-# CONFIG_IP_NF_NAT is not set
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+# CONFIG_IP_NF_TARGET_REDIRECT is not set
+# CONFIG_IP_NF_TARGET_NETMAP is not set
+# CONFIG_IP_NF_TARGET_SAME is not set
+# CONFIG_IP_NF_NAT_LOCAL is not set
+# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
+CONFIG_IP_NF_NAT_FTP=m
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
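Review bot: CONFIG_IP_NF_FILTER=m and CONFIG_IP_NF_TARGET_REJECT=m are enabled here, yet the scripts in this patch add no filter-table rule (the single FORWARD rule in vif-nat is commented out), so nothing in the patch restricts what is forwarded once network-nat sets ip_forward. Consider having the scripts add FORWARD rules for the vifs, and enabling CONFIG_IP_NF_TARGET_LOG alongside REJECT so refused traffic can be logged. CONFIG_IP_NF_NAT_FTP=m also deserves a line of justification, since it adds a protocol helper to dom0 that nothing else in the patch refers to.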
diff -Nru a/tools/examples/network-nat b/tools/examples/network-nat
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/tools/examples/network-nat 2005-01-27 11:48:16 +00:00
@@ -0,0 +1,77 @@
+#!/bin/sh
+#============================================================================
+# Default Xen network start/stop script.
+# Xend calls a network script when it starts.
+# The script name to use is defined in /etc/xen/xend-config.sxp
+# in the network-script field.
+#
+# Usage:
+#
+# network-route (start|stop|status) {VAR=VAL}*
+#
+# Vars:
+#
+# netdev The gateway interface (default eth0).
+# antispoof Whether to use iptables to prevent spoofing (default yes).
+#
+#============================================================================
+
+
+
+# Exit if anything goes wrong.
+set -e
+
+# First arg is the operation.
+OP=$1
+shift
+
+# Pull variables in args in to environment.
+for arg ; do export "${arg}" ; done
+
+netdev=${netdev:-eth0}
+# antispoofing not yet implemented
+antispoof=${antispoof:-yes}
+
+echo "network-nat $OP netdev=$netdev antispoof=$antispoof"
+
+
+op_start() {
+ echo 1 >/proc/sys/net/ipv4/ip_forward
+ iptables -t nat -A POSTROUTING -o ${netdev} -j MASQUERADE
+}
+
+
+op_stop() {
+ iptables -t nat -D POSTROUTING -o ${netdev} -j MASQUERADE
+}
+
+
+show_status() {
+ echo '============================================================'
+ ifconfig
+ echo ' '
+ ip route list
+ echo ' '
+ route -n
+ echo '============================================================'
+
+}
+
+case ${OP} in
+ start)
+ op_start
+ ;;
+
+ stop)
+ op_stop
+ ;;
+
+ status)
+ show_status
+ ;;
+
+ *)
+ echo 'Unknown command: ' ${OP}
+ echo 'Valid commands are: start, stop, status'
+ exit 1
+esac
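Review bot: antispoof defaults to yes and is echoed in the startup line, but the comment above it says antispoofing is not yet implemented and op_start never reads the variable, so an administrator is told spoofing protection is on when it is not. Default it to no, or exit with an error when antispoof=yes, until the rules exist. In op_start the MASQUERADE rule is appended with -A on every start and carries no -s restriction, so repeated starts stack duplicate rules and everything leaving ${netdev} is masqueraded; op_stop deletes one copy and leaves ip_forward at 1. The header still reads "Default Xen network start/stop script" and the usage line says network-route; both should name network-nat.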
diff -Nru a/tools/examples/vif-nat b/tools/examples/vif-nat
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/tools/examples/vif-nat 2005-01-27 11:48:16 +00:00
@@ -0,0 +1,66 @@
+#!/bin/sh
+#============================================================================
+# /etc/xen/vif-nat
+#
+# Script for configuring a vif in routed-nat mode.
+# Xend calls a vif script when bringing a vif up or down.
+# This script is the default - but it can be configured for each vif.
+#
+# Example invocation:
+#
+# vif-nat up domain=VM1 vif=vif1.0 ip="192.168.0.10/31"
+#
+# Usage:
+# vif-nat (up|down) {VAR=VAL}*
+#
+# Vars:
+#
+# domain name of the domain the interface is on (required).
+# vif vif interface name (required).
+# ip list of IP networks for the vif, space-separated (required).
+#============================================================================
+
+# Exit if anything goes wrong
+set -e
+
+echo "vif-nat $*"
+
+# Operation name.
+OP=$1
+shift
+
+# Pull variables in args into environment
+for arg ; do export "${arg}" ; done
+
+# Required parameters. Fail if not set.
+domain=${domain:?}
+vif=${vif:?}
+ip=${ip:?}
+
+# better way to strip /netmask from the ip?
+vif_ip=`echo ${ip} | awk -F. '{print $1"."$2"."$3"."$4}'`
+
+main_ip=`ifconfig eth0 | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'`
+
+# Are we going up or down?
+case $OP in
+ up)
+ ifconfig ${vif} ${vif_ip} netmask 255.255.255.0 up
+ echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
+ iptcmd='-A'
+ ipcmd='a'
+ ;;
+ down)
+ ifconfig ${vif} down
+ iptcmd='-D'
+ ipcmd='d'
+ ;;
+ *)
+ echo 'Invalid command: ' $OP
+ echo 'Valid commands are: up, down'
+ exit 1
+ ;;
+esac
+
+ip r ${ipcmd} ${ip} dev ${vif} src ${main_ip}
+# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT
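Review bot: the awk line that sets vif_ip does not strip the prefix length: with -F. the fourth field of the documented example ip="192.168.0.10/31" is "10/31", so vif_ip is still 192.168.0.10/31. A shell expansion such as ${ip%%/*} does what the comment above it asks for. The netmask is then hard-coded to 255.255.255.0 whatever prefix was passed, main_ip is read from eth0 rather than from a configurable netdev, and ip is documented as a space-separated list although only a single value is handled. In the down branch, with set -e in force, the final ip r d aborts the script if the route is already gone after ifconfig ${vif} down. iptcmd is assigned in both branches but only used by the commented-out rule.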
diff -Nru a/tools/examples/xmexample3 b/tools/examples/xmexample3
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/tools/examples/xmexample3 2005-01-27 11:48:17 +00:00
@@ -0,0 +1,120 @@
+# -*- mode: python; -*-
+#============================================================================
+# Example Python setup script for 'xm create'.
+# This script sets the parameters used when a domain is created using 'xm create'.
+#
+# This is a relatively advanced script that uses a parameter, vmid, to control
+# the settings. So this script can be used to start a set of domains by
+# setting the vmid parameter on the 'xm create' command line. For example:
+#
+# xm create vmid=1
+# xm create vmid=2
+# xm create vmid=3
+#
+# The vmid is purely a script variable, and has no effect on the the domain
+# id assigned to the new domain.
+#============================================================================
+
+# Define script variables here.
+# xm_vars is defined automatically, use xm_vars.var() to define a variable.
+
+# This function checks that 'vmid' has been given a valid value.
+# It is called automatically by 'xm create'.
+def vmid_check(var, val):
+ val = int(val)
+ if val <= 0:
+ raise ValueError
+ return val
+
+# Define the 'vmid' variable so that 'xm create' knows about it.
+xm_vars.var('vmid',
+ use="Virtual machine id. Integer greater than 0.",
+ check=vmid_check)
+
+# Check the defined variables have valid values..
+xm_vars.check()
+
+#----------------------------------------------------------------------------
+# Kernel image file.
+kernel = "/path/to/domU/kernel"
+
+# Optional ramdisk.
+#ramdisk = "/boot/initrd.gz"
+
+# The domain build function. Default is 'linux'.
+#builder='linux'
+
+# Initial memory allocation (in megabytes) for the new domain.
+memory = 64
+
+# A name for the new domain. All domains have to have different names,
+# so we use the vmid to create a name.
+name = "VM%d" % vmid
+
+# Which CPU to start domain on?
+#cpu = -1 # leave to Xen to pick
+cpu = vmid # set based on vmid (mod number of CPUs)
+
+#----------------------------------------------------------------------------
+# Define network interfaces.
+
+# Number of network interfaces. Default is 1.
+#nics=1
+
+# Optionally define mac and/or bridge for the network interfaces.
+# Random MACs are assigned if not given.
+
+vif = [ 'ip=192.168.%d.1/24' % (vmid)]
+
+#----------------------------------------------------------------------------
+# Define the disk devices you want the domain to have access to, and
+# what you want them accessible as.
+# Each disk entry is of the form phy:UNAME,DEV,MODE
+# where UNAME is the device, DEV is the device name the domain will see,
+# and MODE is r for read-only, w for read-write.
+
+# This makes the disk device depend on the vmid - assuming
+# tHat devices sda7, sda8 etc. exist. The device is exported
+# to all domains as sda1.
+# All domains get sda6 read-only (to use for /usr, see below).
+disk = [ 'phy:hda%d,hda1,w' % (vmid)]
+
+#----------------------------------------------------------------------------
+# Set the kernel command line for the new domain.
+# You only need to define the IP parameters and hostname if the domain's
+# IP config doesn't, e.g. in ifcfg-eth0 or via DHCP.
+# You can use 'extra' to set the runlevel and custom environment
+# variables used by custom rc scripts (e.g. VMID=, usr= ).
+
+# Set if you want dhcp to allocate the IP address.
+dhcp="off"
+ip="192.168.%d.2" % (vmid)
+# Set netmask.
+netmask="255.255.255.0"
+# Set default gateway.
+gateway="192.168.%d.1" % (vmid)
+# Set the hostname.
+hostname= "domain-%d.xeno" % vmid
+
+# Set root device.
+root = "/dev/hda1 ro"
+
+# Root device for nfs.
+#root = "/dev/nfs"
+# The nfs server.
+#nfs_server = "10.212.4.103"
+# Root directory on the nfs server.
+#nfs_root = "/path/to/root/filesystem"
+
+# Sets runlevel 4 and the device for /usr.
+extra = "4 VMID=%d" % vmid
+
+#----------------------------------------------------------------------------
+# Set according to whether you want the domain restarted when it exits.
+# The default is 'onreboot', which restarts the domain when it shuts down
+# with exit code reboot.
+# Other values are 'always', and 'never'.
+
+#restart = 'onreboot'
+
+#============================================================================
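Review bot: vmid_check only rejects values <= 0, but vmid is interpolated into the third octet of the vif, ip and gateway addresses (192.168.%d.x), so any vmid above 255 yields an invalid address; add an upper bound to the check. The disk comments still talk about sda7, sda8 and a read-only sda6 while the disk line exports only hda%d as hda1, and the comment on extra mentions a device for /usr that the value does not set; the comments should match the configuration shown.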
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: how to setup NAT for domU?
2005-01-26 11:35 ` Grzegorz Milos
2005-01-27 13:11 ` Grzegorz Milos
@ 2005-01-27 16:09 ` Andrew Theurer
2005-01-27 21:59 ` Gregor Milos
[not found] ` <200501272158.27123.gm281@hermes.cam.ac.uk>
1 sibling, 2 replies; 6+ messages in thread
From: Andrew Theurer @ 2005-01-27 16:09 UTC (permalink / raw)
To: Grzegorz Milos; +Cc: xen-devel
Gregor, in your xmexample script you have:

    vif = [ 'ip=192.168.%d.1/24' % (vmid)]

I have a much simpler config file, which has:

    vif = [ 'ip=192.168.2.1/24']

...which I tried to use but I get an error from xm create. Looking at
create.py (xen-unstable), I don't see a provision to parse assignment
for ip= for vif:

    gopts.var('vif', val="mac=MAC,bridge=BRIDGE,script=SCRIPT,backend=DOM",

Am I missing something, or is it possible you are using this on an
unreleased build?
Thanks,
Andrew Theurer
Grzegorz Milos wrote:
>I've created scripts to do that. Should they be included in the repositories
>(Ian, Keir)?
>Here they are again.
>
>(configure your xend-config.sxp to use them instead of the default ones, place
>them at /etc/xen/scripts)
>
>Cheers
>Gregor
>
>
>
>>hello,
>>
>>I want my domU to use NAT, so it can access the internet with private
>>IP address, but don't know how to do that. I looked at the Xen user
>>manual, but it doesn't mention the solution for this problem either.
>>
>>Thank you a lot,
>>AQ
>>
^ permalink raw reply [flat|nested] 6+ messages in thread