3eb781fd0Eo9K1jEFCSAVzO51i_ngg tools/internal/xi_stop.c
3f108ae2to5nHRRXfvUK7oxgjcW_yA tools/internal/xi_usage.c
3eb781fd7211MZsLxJSiuy7W4KnJXg tools/internal/xi_vifinit
-3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/enable_nat
-3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/enable_nat.README
3f1668d4-FUY6Enc7MB3GcwUtfJ5HA tools/misc/mkdevnodes
-3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/read_console_udp.c
3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone
3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README
+3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_enable_nat
+3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_enable_nat.README
+3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/xen_read_console.c
3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile
3f5ef5a2Qtt8AshYs-KXFFNhKALeIg xen/README
3ddb79bcWnTwYsQRWl_PaneJfa6p0w xen/Rules.mk
+++ /dev/null
-#!/bin/sh
-
-run_iptables() {
- if ! iptables $@ ; then
- echo "iptables returned error; have you built netfilter?"; exit 1
- fi
-}
-
-ifconfig eth0:0 169.254.1.0 up
-run_iptables -t filter -F
-run_iptables -t nat -F
-run_iptables -t filter -X
-run_iptables -t nat -X
-run_iptables -t filter -P FORWARD DROP
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
+++ /dev/null
-To use NAT in domain 0 to give access for other domains:
-1) Make sure domain 0's kernel contains at least the following options:
- (other domains don't need this)
-
-CONFIG_NETFILTER=y
-CONFIG_IP_NF_CONNTRACK=y
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_STATE=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_NAT_FTP=y
-
-2) Run the enable_nat script on domain 0 startup. This will bind
- 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
- that the real IP address for eth0 has been set before running the
- script.
-3) Give the other domains IP addresses in 169.254.0.0/16 and a default
- gateway of 169.254.1.0.
-4) It should now work. Domains 1 and higher should be able to make
- outgoing connections through NAT. FTP active or passive should both
- work thanks to FTP connection tracking
+++ /dev/null
-/******************************************************************************
- * Test program for reading console lines from DOM0 port 666.
- */
-
-#include <arpa/inet.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-int main(void)
-{
- unsigned char buf[208], abuf[32];
- struct sockaddr_in addr, from;
- int fromlen = sizeof(from);
- int len, fd = socket(PF_INET, SOCK_DGRAM, 0);
-
- if ( fd < 0 )
- {
- fprintf(stderr, "could not open datagram socket\n");
- return -1;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sin_addr.s_addr = htonl(0xa9fe0100); /* 169.254.1.0 */
- addr.sin_port = htons(666);
- addr.sin_family = AF_INET;
- if ( bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 )
- {
- fprintf(stderr, "could not bind to local address and port\n");
- return -1;
- }
-
- while ( (len = recvfrom(fd, buf, sizeof(buf), 0,
- (struct sockaddr *)&from, &fromlen))
- >= 0 )
- {
- printf("%d-byte message from %s:%d --\n", len,
- inet_ntop(AF_INET, &from.sin_addr, abuf, sizeof(abuf)),
- ntohs(from.sin_port));
-
- /* For sanity, clean up the string's tail. */
- if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
- buf[len] = '\0';
-
- printf("%s", buf);
-
- fromlen = sizeof(from);
- }
-
- return 0;
-}
--- /dev/null
+#!/bin/sh
+
+run_iptables() {
+ if ! iptables $@ ; then
+ echo "iptables returned error; have you built netfilter?"; exit 1
+ fi
+}
+
+ifconfig eth0:0 169.254.1.0 up
+run_iptables -t filter -F
+run_iptables -t nat -F
+run_iptables -t filter -X
+run_iptables -t nat -X
+run_iptables -t filter -P FORWARD DROP
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
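Review bot: The `-F` and `-X` calls on the filter and nat tables discard every rule and user chain already loaded on domain 0, and nothing in the script says so. A header comment such as `# WARNING: flushes all existing filter and nat rules on domain 0 before installing the NAT rules` would make that visible to anyone adding it to startup. `run_iptables` should also invoke `iptables "$@"` so its arguments are not re-split by the shell. The body is unchanged from the removed enable_nat, and the README section that follows still refers to the script by its old name `enable_nat`.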
--- /dev/null
+To use NAT in domain 0 to give access for other domains:
+1) Make sure domain 0's kernel contains at least the following options:
+ (other domains don't need this)
+
+CONFIG_NETFILTER=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_NAT_FTP=y
+
+2) Run the enable_nat script on domain 0 startup. This will bind
+ 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
+ that the real IP address for eth0 has been set before running the
+ script.
+3) Give the other domains IP addresses in 169.254.0.0/16 and a default
+ gateway of 169.254.1.0.
+4) It should now work. Domains 1 and higher should be able to make
+ outgoing connections through NAT. FTP active or passive should both
+ work thanks to FTP connection tracking
--- /dev/null
+/******************************************************************************
+ * Test program for reading console lines from DOM0 port 666.
+ */
+
+#include <arpa/inet.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int main(void)
+{
+ unsigned char buf[208], abuf[32];
+ struct sockaddr_in addr, from;
+ int fromlen = sizeof(from);
+ int len, fd = socket(PF_INET, SOCK_DGRAM, 0);
+
+ if ( fd < 0 )
+ {
+ fprintf(stderr, "could not open datagram socket\n");
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_addr.s_addr = htonl(0xa9fe0100); /* 169.254.1.0 */
+ addr.sin_port = htons(666);
+ addr.sin_family = AF_INET;
+ if ( bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 )
+ {
+ fprintf(stderr, "could not bind to local address and port\n");
+ return -1;
+ }
+
+ while ( (len = recvfrom(fd, buf, sizeof(buf), 0,
+ (struct sockaddr *)&from, &fromlen))
+ >= 0 )
+ {
+ printf("%d-byte message from %s:%d --\n", len,
+ inet_ntop(AF_INET, &from.sin_addr, abuf, sizeof(abuf)),
+ ntohs(from.sin_port));
+
+ /* For sanity, clean up the string's tail. */
+ if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
+ buf[len] = '\0';
+
+ printf("%s", buf);
+
+ fromlen = sizeof(from);
+ }
+
+ return 0;
+}
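Review bot: The tail clean-up at `buf[len] = '\n'` can write past the end of `buf`, because recvfrom() is given `sizeof(buf)`: a 208-byte datagram makes `len` 208, so the newline and the terminator land at buf[208] and buf[209]. A zero-length datagram makes `buf[len-1]` read buf[-1]. The socket takes datagrams from any sender that can reach port 666 on 169.254.1.0, so both cases are reachable from the network. Passing `sizeof(buf) - 2` to recvfrom() and changing the test to `if ( len == 0 || buf[len-1] != '\n' )` closes both; `fromlen` should also be declared `socklen_t` rather than `int`. The code is carried over unchanged from the removed read_console_udp.c, so the defect predates this rename.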