From: iap10@labyrinth.cl.cam.ac.uk Date: Thu, 18 Sep 2003 13:12:27 +0000 (+0000) Subject: bitkeeper revision 1.433.1.1 (3f69af3bKFwfP85Q4qGIyuQAHKdb6w) X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~18692^2 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=be4c208d607d56c3dfaf0227c9bb18fb92cef8b0;p=xen.git bitkeeper revision 1.433.1.1 (3f69af3bKFwfP85Q4qGIyuQAHKdb6w) xen_read_console and xen_nat_enable fixes
---
diff --git a/.rootkeys b/.rootkeys
index d8010aea92..80f452d4e2 100644
--- a/.rootkeys
+++ b/.rootkeys
@@ -144,8 +144,8 @@
 3f1668d4-FUY6Enc7MB3GcwUtfJ5HA tools/misc/mkdevnodes
 3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone
 3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README
-3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_enable_nat
-3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_enable_nat.README
+3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_nat_enable
+3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_nat_enable.README
 3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/xen_read_console.c
 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile
 3f5ef5a2Qtt8AshYs-KXFFNhKALeIg xen/README
diff --git a/tools/misc/xen_enable_nat b/tools/misc/xen_enable_nat
deleted file mode 100755
index e6b21a779b..0000000000
--- a/tools/misc/xen_enable_nat
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-run_iptables() {
- if ! iptables $@ ; then
- echo "iptables returned error; have you built netfilter?"; exit 1
- fi
-}
-
-ifconfig eth0:0 169.254.1.0 up
-run_iptables -t filter -F
-run_iptables -t nat -F
-run_iptables -t filter -X
-run_iptables -t nat -X
-run_iptables -t filter -P FORWARD DROP
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
diff --git a/tools/misc/xen_enable_nat.README b/tools/misc/xen_enable_nat.README
deleted file mode 100644
index 0c6dd1cd70..0000000000
--- a/tools/misc/xen_enable_nat.README
+++ /dev/null
@@ -1,24 +0,0 @@
-To use NAT in domain 0 to give access for other domains:
-1) Make sure domain 0's kernel contains at least the following options:
- (other domains don't need this)
-
-CONFIG_NETFILTER=y
-CONFIG_IP_NF_CONNTRACK=y
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_STATE=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_NAT_FTP=y
-
-2) Run the enable_nat script on domain 0 startup. This will bind
- 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
- that the real IP address for eth0 has been set before running the
- script.
-3) Give the other domains IP addresses in 169.254.0.0/16 and a default
- gateway of 169.254.1.0.
-4) It should now work. Domains 1 and higher should be able to make
- outgoing connections through NAT. FTP active or passive should both
- work thanks to FTP connection tracking
diff --git a/tools/misc/xen_nat_enable b/tools/misc/xen_nat_enable
new file mode 100755
index 0000000000..d1477f3604
--- /dev/null
+++ b/tools/misc/xen_nat_enable
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+run_iptables() {
+ if ! iptables $@ ; then
+ echo "iptables returned error; have you built netfilter?"; exit 1
+ fi
+}
+
+ifconfig eth0:0 169.254.1.0 up
+run_iptables -t filter -F
+run_iptables -t nat -F
+run_iptables -t filter -X
+run_iptables -t nat -X
+run_iptables -t filter -P FORWARD DROP
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+#set up some port redirects for ssh
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2201 -j DNAT --to 169.254.1.1:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2202 -j DNAT --to 169.254.1.2:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2203 -j DNAT --to 169.254.1.3:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2204 -j DNAT --to 169.254.1.4:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2205 -j DNAT --to 169.254.1.5:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2206 -j DNAT --to 169.254.1.6:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2207 -j DNAT --to 169.254.1.7:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2208 -j DNAT --to 169.254.1.8:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2209 -j DNAT --to 169.254.1.9:22
+run_iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2210 -j DNAT --to 169.254.1.10:22
+
+
diff --git a/tools/misc/xen_nat_enable.README b/tools/misc/xen_nat_enable.README
new file mode 100644
index 0000000000..0c6dd1cd70
--- /dev/null
+++ b/tools/misc/xen_nat_enable.README
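Review bot: Adding `NEW` to the second FORWARD rule of tools/misc/xen_nat_enable (`-d 169.254.0.0/16 -m state --state NEW,ESTABLISHED,RELATED`) accepts new connections toward any guest on any port and protocol, not only the ssh redirects added further down. The `FORWARD DROP` policy then presumably no longer filters inbound traffic from hosts that can route to 169.254.0.0/16 through domain 0. Keeping that rule at `ESTABLISHED,RELATED` and adding a narrow rule for the redirects would preserve the old behaviour: `run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -p tcp --dport 22 -m state --state NEW -j ACCEPT`. The ten PREROUTING rules expose guest sshd on ports 2201-2210 with no source restriction, and a comment above them should say that this is intended. Separately, `iptables $@` in run_iptables should be `iptables "$@"` so arguments are not re-split.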
@@ -0,0 +1,24 @@
+To use NAT in domain 0 to give access for other domains:
+1) Make sure domain 0's kernel contains at least the following options:
+ (other domains don't need this)
+
+CONFIG_NETFILTER=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_NAT_FTP=y
+
+2) Run the enable_nat script on domain 0 startup. This will bind
+ 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
+ that the real IP address for eth0 has been set before running the
+ script.
+3) Give the other domains IP addresses in 169.254.0.0/16 and a default
+ gateway of 169.254.1.0.
+4) It should now work. Domains 1 and higher should be able to make
+ outgoing connections through NAT. FTP active or passive should both
+ work thanks to FTP connection tracking
diff --git a/tools/misc/xen_read_console.c b/tools/misc/xen_read_console.c
index 4e82492bec..43879e5035 100644
--- a/tools/misc/xen_read_console.c
+++ b/tools/misc/xen_read_console.c
@@ -45,7 +45,7 @@ int main(void) if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; } buf[len] = '\0'; - printf("%s", buf); + printf("[%d] %s", ntohs(from.sin_port),buf); fromlen = sizeof(from); }
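Review bot: The `[%d]` tag on the new `printf` in xen_read_console.c is written once per received buffer, so a payload with embedded newlines produces continuation lines that carry no tag, or one the sender wrote itself. The source port it prints is whatever the peer chose (presumably filled in by a recvfrom() outside the hunk), so the prefix is a display hint rather than attribution. If it is meant to identify the sending domain, also printing `inet_ntoa(from.sin_addr)` and emitting the prefix per line would make the output harder to misread. A comment such as `/* tag output with the sender's source port; not authenticated */` would document the intent. The context lines `buf[len-1]` and `buf[len] = '\n'` rely on a bound on `len` that is set outside the hunk, as main's body starts and ends outside it.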