ALT Linux sysadmins discussion
From: Vyatcheslav Perevalov <vip0@seversk.ru>
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: Re: [Sysadmins] XEN & network
Date: Sun, 28 Dec 2008 14:08:33 +0600
Message-ID: <200812281408.33645.vip0@seversk.ru>
In-Reply-To: <200812281246.28661.a.babich@rez.ru>

In a message of 28 December 2008, Alexei Babich wrote:
> > > At least, I did not manage to get it working.
> >
> > Now that's a different matter. I have a similar configuration working.
>
> Do me a favour and briefly describe how it is done.
> I'll figure out ip r\ru, if that needs to be used.

It has all been running on ALM2.4 for the fourth year now

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:40:F4:EA:3C:C2
          inet addr:<REAL_IP>  Bcast:<REAL_IP>.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:262834777 errors:0 dropped:0 overruns:0 frame:0
          TX packets:220763912 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:2436258642 (2323.3 Mb)  TX bytes:3663185382 (3493.4 Mb)

eth0:0    Link encap:Ethernet  HWaddr 00:40:F4:EA:3C:C2
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24103406 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34798437 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:2726426386 (2600.1 Mb)  TX bytes:1233330823 (1176.1 Mb)

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:E9:DF:47
          inet addr:192.168.75.1  Bcast:192.168.75.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24103414 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34798445 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:2726426866 (2600.1 Mb)  TX bytes:1233331991 (1176.1 Mb)

The networks are sorted out accordingly in /etc/sysconfig/iptables

*filter

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

-A FORWARD -s 192.168.0.12 -d 0/0 -m state --state NEW -j ACCEPT
#-A FORWARD -s 192.168.0.169 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.2 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.3 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.4 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.6 -d 0/0 -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -s 192.168.75.0/24 -d 192.168.75.1 -m state --state NEW -j ACCEPT
-A INPUT -i eth0:0 -s 192.168.0.0/24 -d 192.168.0.11 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.12 -d ! 192.168.0.0/16 -j MASQUERADE
-A POSTROUTING -s 192.168.75.2 -d 0/0 -j MASQUERADE
-A POSTROUTING -s 192.168.75.4 -d 0/0 -j MASQUERADE
-A POSTROUTING -s 192.168.75.6 -d 0/0 -j MASQUERADE
COMMIT

Something like that...
Of course, these are only excerpts.


-- 
All the best
		/vip
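
A consistency check for rule sets like the one posted above; this is an added example, not part of the original message, and the `parse`/`audit` helpers and the abridged sample input are constructed here. It assumes literal IPv4 sources and reports hosts that may open forwarded connections but have no MASQUERADE/SNAT rule, plus `-i` matches on alias labels such as eth0:0, which netfilter does not match because it compares against the device name.

```python
import shlex
from ipaddress import ip_network

# Abridged copy of the rules posted above (wrapped lines rejoined), used as sample input.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 192.168.0.12 -d 0/0 -m state --state NEW -j ACCEPT
#-A FORWARD -s 192.168.0.169 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.2 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.3 -d 0/0 -m state --state NEW -j ACCEPT
-A INPUT -i eth0:0 -s 192.168.0.0/24 -d 192.168.0.11 -m state --state NEW -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.0.12 -d ! 192.168.0.0/16 -j MASQUERADE
-A POSTROUTING -s 192.168.75.2 -d 0/0 -j MASQUERADE
COMMIT
"""

def parse(text):
    """Yield (table, chain, options) for each -A line; '#' comment lines are skipped."""
    table = None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]
        elif len(tok) > 1 and tok[0] == "-A":
            yield table, tok[1], {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                                  if t in ("-s", "-i", "-j")}

def audit(text):
    """Cross-check FORWARD ACCEPT sources against POSTROUTING NAT sources."""
    forwarded, natted, alias_rules = [], [], []
    for table, chain, opt in parse(text):
        if ":" in opt.get("-i", ""):
            # -i is compared with the device name; an alias label like eth0:0 is not one.
            alias_rules.append((chain, opt["-i"]))
        src = opt.get("-s")
        if src in (None, "!"):          # no source, or a negated one: out of scope here
            continue
        if (table, chain, opt.get("-j")) == ("filter", "FORWARD", "ACCEPT"):
            forwarded.append(src)
        elif table == "nat" and chain == "POSTROUTING" and opt.get("-j") in ("MASQUERADE", "SNAT"):
            natted.append(ip_network(src, strict=False))
    no_nat = [s for s in forwarded
              if not any(ip_network(s, strict=False).subnet_of(n) for n in natted)]
    return {"forwarded_without_nat": no_nat, "alias_interface_matches": alias_rules}
```

A host reported under `forwarded_without_nat` is a prompt for review rather than a definite fault: it may only need to reach the other internal network, and the posted rules are excerpts.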

