From 817cec1db4bc8fbfe2e1ebf4b49928ad606ea79d Mon Sep 17 00:00:00 2001
From: "iap10@labyrinth.cl.cam.ac.uk"
Date: Tue, 16 Sep 2003 20:36:20 +0000
Subject: bitkeeper revision 1.427 (3f677444W1iVSBCd44M-cSsiZXgCsg) rename xen_enable_nat and xen_read_console
---
tools/misc/enable_nat | 20 ---------------
tools/misc/enable_nat.README | 24 ------------------
tools/misc/read_console_udp.c | 53 ----------------------------------------
tools/misc/xen_enable_nat | 20 +++++++++++++++
tools/misc/xen_enable_nat.README | 24 ++++++++++++++++++
tools/misc/xen_read_console.c | 53 ++++++++++++++++++++++++++++++++++++++++
6 files changed, 97 insertions(+), 97 deletions(-)
delete mode 100755 tools/misc/enable_nat
delete mode 100644 tools/misc/enable_nat.README
delete mode 100644 tools/misc/read_console_udp.c
create mode 100755 tools/misc/xen_enable_nat
create mode 100644 tools/misc/xen_enable_nat.README
create mode 100644 tools/misc/xen_read_console.c
(limited to 'tools')
diff --git a/tools/misc/enable_nat b/tools/misc/enable_nat
deleted file mode 100755
index e6b21a779b..0000000000
--- a/tools/misc/enable_nat
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-run_iptables() {
- if ! iptables $@ ; then
- echo "iptables returned error; have you built netfilter?"; exit 1
- fi
-}
-
-ifconfig eth0:0 169.254.1.0 up
-run_iptables -t filter -F
-run_iptables -t nat -F
-run_iptables -t filter -X
-run_iptables -t nat -X
-run_iptables -t filter -P FORWARD DROP
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
diff --git a/tools/misc/enable_nat.README b/tools/misc/enable_nat.README
deleted file mode 100644
index 0c6dd1cd70..0000000000
--- a/tools/misc/enable_nat.README
+++ /dev/null
@@ -1,24 +0,0 @@
-To use NAT in domain 0 to give access for other domains:
-1) Make sure domain 0's kernel contains at least the following options:
- (other domains don't need this)
-
-CONFIG_NETFILTER=y
-CONFIG_IP_NF_CONNTRACK=y
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_STATE=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_NAT_FTP=y
-
-2) Run the enable_nat script on domain 0 startup. This will bind
- 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
- that the real IP address for eth0 has been set before running the
- script.
-3) Give the other domains IP addresses in 169.254.0.0/16 and a default
- gateway of 169.254.1.0.
-4) It should now work. Domains 1 and higher should be able to make
- outgoing connections through NAT. FTP active or passive should both
- work thanks to FTP connection tracking
diff --git a/tools/misc/read_console_udp.c b/tools/misc/read_console_udp.c
deleted file mode 100644
index 632b01ad9a..0000000000
--- a/tools/misc/read_console_udp.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/******************************************************************************
- * Test program for reading console lines from DOM0 port 666.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-int main(void)
-{
- unsigned char buf[208], abuf[32];
- struct sockaddr_in addr, from;
- int fromlen = sizeof(from);
- int len, fd = socket(PF_INET, SOCK_DGRAM, 0);
-
- if ( fd < 0 )
- {
- fprintf(stderr, "could not open datagram socket\n");
- return -1;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sin_addr.s_addr = htonl(0xa9fe0100); /* 169.254.1.0 */
- addr.sin_port = htons(666);
- addr.sin_family = AF_INET;
- if ( bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 )
- {
- fprintf(stderr, "could not bind to local address and port\n");
- return -1;
- }
-
- while ( (len = recvfrom(fd, buf, sizeof(buf), 0,
- (struct sockaddr *)&from, &fromlen))
- >= 0 )
- {
- printf("%d-byte message from %s:%d --\n", len,
- inet_ntop(AF_INET, &from.sin_addr, abuf, sizeof(abuf)),
- ntohs(from.sin_port));
-
- /* For sanity, clean up the string's tail. */
- if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
- buf[len] = '\0';
-
- printf("%s", buf);
-
- fromlen = sizeof(from);
- }
-
- return 0;
-}
diff --git a/tools/misc/xen_enable_nat b/tools/misc/xen_enable_nat
new file mode 100755
index 0000000000..e6b21a779b
--- /dev/null
+++ b/tools/misc/xen_enable_nat
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+run_iptables() {
+ if ! iptables $@ ; then
+ echo "iptables returned error; have you built netfilter?"; exit 1
+ fi
+}
+
+ifconfig eth0:0 169.254.1.0 up
+run_iptables -t filter -F
+run_iptables -t nat -F
+run_iptables -t filter -X
+run_iptables -t nat -X
+run_iptables -t filter -P FORWARD DROP
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
diff --git a/tools/misc/xen_enable_nat.README b/tools/misc/xen_enable_nat.README
new file mode 100644
index 0000000000..0c6dd1cd70
--- /dev/null
+++ b/tools/misc/xen_enable_nat.README
@@ -0,0 +1,24 @@
+To use NAT in domain 0 to give access for other domains:
+1) Make sure domain 0's kernel contains at least the following options:
+ (other domains don't need this)
+
+CONFIG_NETFILTER=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_NAT_FTP=y
+
+2) Run the enable_nat script on domain 0 startup. This will bind
+ 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
+ that the real IP address for eth0 has been set before running the
+ script.
+3) Give the other domains IP addresses in 169.254.0.0/16 and a default
+ gateway of 169.254.1.0.
+4) It should now work. Domains 1 and higher should be able to make
+ outgoing connections through NAT. FTP active or passive should both
+ work thanks to FTP connection tracking
diff --git a/tools/misc/xen_read_console.c b/tools/misc/xen_read_console.c
new file mode 100644
index 0000000000..632b01ad9a
--- /dev/null
+++ b/tools/misc/xen_read_console.c
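Review bot: In tools/misc/xen_enable_nat the `-F` and `-X` calls flush every rule and delete every user-defined chain in the filter and nat tables, so any packet filtering already configured on domain 0 is discarded each time the script runs; afterwards only the FORWARD policy and the script's own rules are set. A header comment such as `# WARNING: flushes all existing filter and nat rules on domain 0` would make that visible to whoever adds the script to startup, and placing the rules in dedicated chains would avoid the flush altogether. In `run_iptables`, `iptables $@` should be `iptables "$@"` so that arguments are passed through without re-splitting.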
@@ -0,0 +1,53 @@
+/******************************************************************************
+ * Test program for reading console lines from DOM0 port 666.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(void)
+{
+ unsigned char buf[208], abuf[32];
+ struct sockaddr_in addr, from;
+ int fromlen = sizeof(from);
+ int len, fd = socket(PF_INET, SOCK_DGRAM, 0);
+
+ if ( fd < 0 )
+ {
+ fprintf(stderr, "could not open datagram socket\n");
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_addr.s_addr = htonl(0xa9fe0100); /* 169.254.1.0 */
+ addr.sin_port = htons(666);
+ addr.sin_family = AF_INET;
+ if ( bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 )
+ {
+ fprintf(stderr, "could not bind to local address and port\n");
+ return -1;
+ }
+
+ while ( (len = recvfrom(fd, buf, sizeof(buf), 0,
+ (struct sockaddr *)&from, &fromlen))
+ >= 0 )
+ {
+ printf("%d-byte message from %s:%d --\n", len,
+ inet_ntop(AF_INET, &from.sin_addr, abuf, sizeof(abuf)),
+ ntohs(from.sin_port));
+
+ /* For sanity, clean up the string's tail. */
+ if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
+ buf[len] = '\0';
+
+ printf("%s", buf);
+
+ fromlen = sizeof(from);
+ }
+
+ return 0;
+}
--
cgit v1.2.3
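Review bot: The tail clean-up in the receive loop of xen_read_console.c can write past the end of `buf`. recvfrom() is given `sizeof(buf)` (208), so a full-size datagram leaves `len == 208`, and `buf[len] = '\n'` followed by `buf[len] = '\0'` then store to `buf[208]` and `buf[209]`. A zero-length datagram makes `buf[len-1]` read `buf[-1]`; both lengths are chosen by the network sender, not by this program. Passing `sizeof(buf) - 2` to recvfrom() and testing `if ( len == 0 || buf[len-1] != '\n' )` keeps every access in bounds. `fromlen` would also be better declared as `socklen_t` to match what recvfrom() expects.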