Saturday, April 10, 2010

Setting up IPTABLES Dom0 Debian Xen

http://permalink.gmane.org/gmane.linux.hardware.dell.poweredge/38423

Some improvement in Xen FAQ
http://wiki.xensource.com/xenwiki/XenFaq
dom0_mem=875M

Squid set up
http://www.freeos.com/articles/2516/

Novell article for NAT etc on Xen
http://www.novell.com/communities/node/4094/xen-network-bridges-explained-with-troubleshooting-notes

Some good information is here
http://lists.xensource.com/archives/html/xen-users/2006-02/msg00030.html

http://www.howtoforge.com/perfect_xen_setup_debian_ubuntu_p6


The following text is from this link:
http://lists.us.dell.com/pipermail/linux-poweredge/2010-April/041936.html
How do I test whether network-script is running or not in Xen Dom0?
I have a Debian Lenny Dom0. Running Xen on it and 4 virtual hosts on it.
I am currently setting up a proxy server in Dom0 which DomU's will be
able to use. The problem is, before I go on to set NAT I wanted to test
bridges.

So I renamed the bridge in /etc/xen/xend-config.sxp
Code:

(network-script 'network-bridge bridge=ABCD')


but when I do a reboot or xend restart and do the following

Code:

openworld:/etc/xen# brctl show
bridge name bridge id STP enabled interfaces
eth2 8000.0026b9824238 no peth2
vif1.0
vif2.0
vif3.0
vif4.0
openworld:/etc/xen#

The bridge is not renamed to ABCD; the above output is showing eth2, which
is not even the default.
So I doubt that the script network-bridge has not been called, so that
it renames the bridge, or there is something else I should look for.


I had set up a dummy network interface (dummy0) on Dom0:

modprobe dummy0

then in Dom0 /etc/network/interfaces added the IP to the dummy interface.

In network-bridge, netdev=dummy0') was set so that it was used.
brctl was showing this dummy, and then a simple POSTROUTING configuration,
as follows:

# Generated by iptables-save v1.4.2 on Mon Apr 12 00:26:28 2010
*nat
:PREROUTING ACCEPT [6947:1405079]
:POSTROUTING ACCEPT [259:36832]
:OUTPUT ACCEPT [37:2077]
-A POSTROUTING -s 172.21.100.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Apr 12 00:26:28 2010
# Generated by iptables-save v1.4.2 on Mon Apr 12 00:26:28 2010
*mangle
:PREROUTING ACCEPT [381404:326958136]
:INPUT ACCEPT [6810:754933]
:FORWARD ACCEPT [405217:330924920]
:OUTPUT ACCEPT [1715:334655]
:POSTROUTING ACCEPT [406680:331235857]
COMMIT
# Completed on Mon Apr 12 00:26:28 2010
# Generated by iptables-save v1.4.2 on Mon Apr 12 00:26:28 2010
*filter
:INPUT ACCEPT [90483:38271495]
:FORWARD ACCEPT [538682:367785045]
:OUTPUT ACCEPT [48797:6397869]
-A FORWARD -s 172.21.100.152/32 -m physdev --physdev-in vif1.0 -j ACCEPT
-A FORWARD -p udp -m physdev --physdev-in vif1.0 -m udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -s 172.21.100.154/32 -m physdev --physdev-in vif2.0 -j ACCEPT
-A FORWARD -p udp -m physdev --physdev-in vif2.0 -m udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -s 172.21.100.153/32 -m physdev --physdev-in vif3.0 -j ACCEPT
-A FORWARD -p udp -m physdev --physdev-in vif3.0 -m udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -s 172.21.100.151/32 -m physdev --physdev-in vif5.0 -j ACCEPT
-A FORWARD -p udp -m physdev --physdev-in vif5.0 -m udp --sport 68 --dport 67 -j ACCEPT
COMMIT
# Completed on Mon Apr 12 00:26:28 2010
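The dump above shows one security-relevant pattern worth keeping: each DomU vif is only allowed to forward packets from its own assigned address (plus the DHCP client-to-server exchange), which stops a guest from spoofing another guest's or the Dom0's address on the bridge. On its own, though, that rule set does not restrict anything, because the FORWARD chain policy in the dump is ACCEPT and nothing drops what the per-vif rules do not match. The script below is an added example (not from the original post or the Dell list thread): it generates an iptables-restore file from the vif-to-address mapping shown in the dump, with FORWARD defaulting to DROP, a logged drop for anything else arriving on a vif, and the MASQUERADE rule pinned to an outbound interface. The subnet and addresses are taken from the dump as given; the upstream interface name EXT_IF, the log prefix and the overall layout are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates an iptables-restore
# ruleset in which each DomU vif may only forward traffic from its assigned
# address (plus DHCP), with the FORWARD chain defaulting to DROP so that the
# per-vif ACCEPT rules actually restrict something.
#
# Assumptions: EXT_IF (upstream interface, default eth0) is hypothetical; the
# DomU subnet and the vif-to-address pairs are copied from the dump above.

EXT_IF="${EXT_IF:-eth0}"          # assumed upstream interface for masquerading
DOMU_NET="172.21.100.0/24"        # DomU subnet from the dump above

# vif-to-address mapping, one "vif address" pair per line (constructed from the dump)
VIF_MAP="vif1.0 172.21.100.152
vif2.0 172.21.100.154
vif3.0 172.21.100.153
vif5.0 172.21.100.151"

# Emit the filter-table rules for one vif: only its own address may be
# forwarded in, DHCP client->server is allowed so the guest can obtain a
# lease, and anything else arriving on that vif is logged and then dropped.
vif_rules() {
    vif="$1"; addr="$2"
    printf '%s\n' "-A FORWARD -s $addr/32 -m physdev --physdev-in $vif -j ACCEPT"
    printf '%s\n' "-A FORWARD -p udp -m physdev --physdev-in $vif -m udp --sport 68 --dport 67 -j ACCEPT"
    printf '%s\n' "-A FORWARD -m physdev --physdev-in $vif -j LOG --log-prefix \"vif-spoof: \""
    printf '%s\n' "-A FORWARD -m physdev --physdev-in $vif -j DROP"
}

# Emit a complete iptables-restore file: NAT masquerade for the DomU subnet
# on the upstream interface only, a DROP policy on FORWARD, return traffic
# accepted by connection tracking, then the per-vif rules from VIF_MAP.
gen_ruleset() {
    printf '%s\n' '*nat'
    printf '%s\n' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' "-A POSTROUTING -s $DOMU_NET -o $EXT_IF -j MASQUERADE"
    printf '%s\n' 'COMMIT'
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "$VIF_MAP" | while read -r vif addr; do
        if [ -n "$vif" ] && [ -n "$addr" ]; then
            vif_rules "$vif" "$addr"
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Sanity check before loading: number of vifs that got an explicit DROP rule.
# To apply on the Dom0 (as root):  gen_ruleset | iptables-restore
count_vif_drops() {
    gen_ruleset | grep -c -- '--physdev-in .* -j DROP'
}
```

Load the generated file with iptables-restore rather than pasting the rules one by one, so the DROP policy and the per-vif rules take effect atomically; and after a DomU is started or renamed, re-check that the vif names in VIF_MAP still match what brctl show reports, since a stale mapping silently drops that guest's traffic.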


Solution
My general technique for seeing what's up with the script in a case like
this is to insert at the top:
set -x
exec &>/tmp/network-script$$

Then you'll get a file with the pid on the end every time it's executed,
with an exec trace. Don't forget to clean up the /tmp files and the
script when done.


Someone is discussing this here; I have not read it completely myself, so I am not sure how helpful it is.
http://article.gmane.org/gmane.comp.emulators.xen.user/56768


Port Forwarding on IPTABLES
http://www.debian-administration.org/articles/73
http://www.hackorama.com/network/portfwd.shtml
http://www.linuxquestions.org/questions/linux-networking-3/how-to-ssh-to-computers-on-lan-from-a-proxy-that-has-public-ip-801810/


Some more IPTABLE rules
http://oceanpark.com/notes/firewall_example.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

Hands on guide to Debian
http://techpubs.spinlocksolutions.com/dklar/debian.html
You can try sshdfilter:

http://www.google.co.in/search?sourceid=chrome&ie=UTF-8&q=sshdfilter
