From: Vyatcheslav Perevalov
Organization: Commissioning engineer for monitoring and control systems, RKhZ SKhK
To: ALT Linux sysadmin discuss
Date: Sun, 28 Dec 2008 14:08:33 +0600
Subject: Re: [Sysadmins] XEN & network
Message-Id: <200812281408.33645.vip0@seversk.ru>
In-Reply-To: <200812281246.28661.a.babich@rez.ru>
References: <200812270838.56184.a.babich@rez.ru> <200812281340.19164.vip0@seversk.ru> <200812281246.28661.a.babich@rez.ru>

In a message of 28 December 2008, Alexei Babich wrote:
> > > At least, I did not manage to get the better of it.
> >
> > Now that is a different matter. I have a similar configuration working.
>
> Do me a favour and briefly describe how it is done.
> I will figure out ip r\ru if that needs to be brought in.

All of this has been running on ALM2.4 for the fourth year now.

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:40:F4:EA:3C:C2
          inet addr:  Bcast:.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:262834777 errors:0 dropped:0 overruns:0 frame:0
          TX packets:220763912 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:2436258642 (2323.3 Mb)  TX bytes:3663185382 (3493.4 Mb)

eth0:0    Link encap:Ethernet  HWaddr 00:40:F4:EA:3C:C2
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24103406 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34798437 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:2726426386 (2600.1 Mb)  TX bytes:1233330823 (1176.1 Mb)

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:E9:DF:47
          inet addr:192.168.75.1  Bcast:192.168.75.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24103414 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34798445 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:2726426866 (2600.1 Mb)  TX bytes:1233331991 (1176.1 Mb)

The networks are sorted out accordingly in /etc/sysconfig/iptables

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 192.168.0.12 -d 0/0 -m state --state NEW -j ACCEPT
#-A FORWARD -s 192.168.0.169 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.2 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.3 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.4 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.6 -d 0/0 -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -s 192.168.75.0/24 -d 192.168.75.1 -m state --state NEW -j ACCEPT
-A INPUT -i eth0:0 -s 192.168.0.0/24 -d 192.168.0.11 -m state --state NEW -j ACCEPT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.12 -d ! 192.168.0.0/16 -j MASQUERADE
-A POSTROUTING -s 192.168.75.2 -d 0/0 -j MASQUERADE
-A POSTROUTING -s 192.168.75.4 -d 0/0 -j MASQUERADE
-A POSTROUTING -s 192.168.75.6 -d 0/0 -j MASQUERADE
COMMIT

Something like that...
Of course, these are only excerpts.

-- 
All the best /vip
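
An added example, not part of the original message: a small Python audit of the rule excerpt above that lists sources allowed to open NEW connections in FORWARD but missing from the MASQUERADE rules (and the reverse), and flags `-i`/`-o` matches that name an alias label. `RULES` is an abridged copy of the excerpt used as sample input; `opt` and `audit` are hypothetical helper names.

```python
import shlex

# Abridged copy of the rule excerpt in the message above (sample input).
RULES = """\
*filter
-A FORWARD -s 192.168.0.12 -d 0/0 -m state --state NEW -j ACCEPT
#-A FORWARD -s 192.168.0.169 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.2 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.3 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.4 -d 0/0 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.75.6 -d 0/0 -m state --state NEW -j ACCEPT
-A INPUT -i eth0:0 -s 192.168.0.0/24 -d 192.168.0.11 -m state --state NEW -j ACCEPT
*nat
-A POSTROUTING -s 192.168.0.12 -d ! 192.168.0.0/16 -j MASQUERADE
-A POSTROUTING -s 192.168.75.2 -d 0/0 -j MASQUERADE
-A POSTROUTING -s 192.168.75.4 -d 0/0 -j MASQUERADE
-A POSTROUTING -s 192.168.75.6 -d 0/0 -j MASQUERADE
COMMIT
"""

def opt(argv, flag):
    """Return the argument that follows flag, or None when flag is absent."""
    i = argv.index(flag) if flag in argv else -1
    return argv[i + 1] if 0 <= i < len(argv) - 1 else None

def audit(text):
    """Cross-check FORWARD ACCEPT sources against MASQUERADE sources."""
    table, forwarded, natted, aliases = None, set(), set(), set()
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]          # table header such as *filter or *nat
        if not line.startswith("-A "):
            continue                  # skips comments, policies, COMMIT
        argv = shlex.split(line)
        chain, target, src = argv[1], opt(argv, "-j"), opt(argv, "-s")
        # Netfilter matches real device names; alias labels like eth0:0 are not devices.
        aliases.update(v for v in (opt(argv, "-i"), opt(argv, "-o")) if v and ":" in v)
        if (table, chain, target) == ("filter", "FORWARD", "ACCEPT") and src:
            forwarded.add(src)
        if (table, chain, target) == ("nat", "POSTROUTING", "MASQUERADE") and src:
            natted.add(src)
    return {"forwarded_not_natted": sorted(forwarded - natted),
            "natted_not_forwarded": sorted(natted - forwarded),
            "alias_interfaces": sorted(aliases)}

if __name__ == "__main__":
    for finding, values in audit(RULES).items():
        print(finding, values)
```

Since the message gives only excerpts of the file, each finding marks a line to check against the full ruleset rather than a confirmed gap.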