01 mars 2010
Xen et utilisation du NAT
19:19 - Par Mohamed YACOUBI - Xen
Un ami ayant eu un besoin urgent de pouvoir gérer des DomU Xen via le NAT, et comme la configuration NAT de Xen ne me plaît guère, je me suis permis de développer un petit script très simple afin de gérer des règles de routage.
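#!/bin/sh
#
# xen-nat.sh - minimal interactive manager for the nat-table DNAT rules that
# forward traffic arriving on a Dom0 public address to Xen DomU guests.
#
# On every run the script enables IPv4 forwarding, installs the SNAT rule for
# the private DomU network if it is missing, prints the current PREROUTING
# rules, then offers to add, delete or list DNAT rules.
#
# Configuration: IP_PUBLIC (public address of the Dom0) and IP_PRIVATE
# (DomU network in CIDR form) below; both may be overridden from the
# environment. Must be run as root. The active ruleset is persisted with
# "/etc/init.d/iptables save" after each change.
# Exit status: 0 on success or when the operator declines a change, 1 on
# invalid input or an iptables failure.
#
# POSIX sh only: no arrays, no [[ ]], printf instead of "echo -n".

set -eu

# Fixed PATH plus an absolute iptables path so that a caller's PATH cannot
# substitute look-alike tools for the ones this script runs as root.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
IPTABLES=/sbin/iptables

# Placeholders: replace them here or export real values in the environment.
IP_PUBLIC=${IP_PUBLIC:-XXX.XXX.XXX.XXX}
IP_PRIVATE=${IP_PRIVATE:-XXX.XXX.XXX.XXX/XX}

SEP='________________________________________________________________________________________________'

#######################################
# Print a message on stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Test whether $1 is an unsigned decimal integer (digits only, non-empty).
# Returns: 0 if it is, 1 otherwise
#######################################
is_uint() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  return 0
}

#######################################
# Test whether $1 is a dotted-quad IPv4 address (four octets, each 0-255).
# Used before any operator-supplied value reaches iptables or awk, so that
# a value such as "-j ACCEPT" or a pattern metacharacter is rejected instead
# of being parsed as an option or a regex.
# Returns: 0 if it is, 1 otherwise
#######################################
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  _saved_ifs=$IFS
  IFS=.
  # shellcheck disable=SC2086 -- word-splitting on "." is the point here
  set -- $1
  IFS=$_saved_ifs
  [ $# -eq 4 ] || return 1
  for _octet; do
    [ "$_octet" -le 255 ] || return 1
  done
  return 0
}

#######################################
# Test whether $1 is "a.b.c.d/N" with a valid IPv4 address and 0 <= N <= 32.
# Returns: 0 if it is, 1 otherwise
#######################################
is_cidr() {
  case $1 in
    */*) ;;
    *) return 1 ;;
  esac
  is_ipv4 "${1%/*}" || return 1
  is_uint "${1##*/}" || return 1
  [ "${1##*/}" -le 32 ]
}

#######################################
# Print the nat PREROUTING chain with rule numbers.
# -n keeps addresses numeric (no reverse DNS), so the output matches what the
# operator typed and the lookups below compare like with like.
#######################################
list_rules() {
  "$IPTABLES" -t nat -L PREROUTING -n --line-numbers
}

#######################################
# Print the PREROUTING listing between two separator lines, without the
# "Chain PREROUTING" header line.
#######################################
show_rules() {
  printf '%s\n' "$SEP"
  list_rules | tail -n +2
  printf '%s\n' "$SEP"
}

#######################################
# Print the PREROUTING rule whose number is $1 (nothing if there is none).
# Compares the rule-number column only; a plain grep -w would also match a
# port or address containing the same digits.
#######################################
rule_by_number() {
  list_rules | awk -v n="$1" 'NR > 2 && $1 == n'
}

#######################################
# Print the PREROUTING rule(s) whose destination column equals $1.
# Arguments: $1 - IPv4 address as shown by "iptables -L -n"
#######################################
rule_by_dest() {
  list_rules | awk -v ip="$1" 'NR > 2 && $6 == ip'
}

#######################################
# Ask the operator a Y/N question.
# Arguments: $1 - question text
# Returns:   0 if the answer is exactly "Y", 1 otherwise
#######################################
confirm() {
  printf '%s (Y/N)\n' "$1"
  printf ' >> '
  read -r _answer
  echo
  [ "$_answer" = "Y" ]
}

#######################################
# Enable IPv4 forwarding if /proc reports it disabled.
#######################################
setup_forwarding() {
  read -r _fwd < /proc/sys/net/ipv4/ip_forward
  if [ "$_fwd" != "1" ]; then
    printf '1\n' > /proc/sys/net/ipv4/ip_forward || die "cannot enable ip_forward"
  fi
}

#######################################
# Install the SNAT rule for outgoing DomU traffic unless POSTROUTING already
# references IP_PUBLIC. Uses a fixed-string match so dots are not wildcards.
#######################################
setup_snat() {
  if ! "$IPTABLES" -t nat -L POSTROUTING -n | grep -Fq -- "$IP_PUBLIC"; then
    "$IPTABLES" -t nat -A POSTROUTING -s "$IP_PRIVATE" -j SNAT --to "$IP_PUBLIC" \
      || die "cannot install SNAT rule for $IP_PRIVATE"
  fi
}

#######################################
# Persist the running ruleset. The rule is already active at this point, so a
# failure to save is reported on stderr rather than aborting.
#######################################
save_rules() {
  /etc/init.d/iptables save >/dev/null \
    || printf 'warning: rules applied but not saved (/etc/init.d/iptables save failed)\n' >&2
}

#######################################
# Menu action 1: add a DNAT rule from a public address to a DomU address.
#######################################
add_rule() {
  echo "== Add Rules =="
  printf 'IP Source >> '
  read -r ipsource
  is_ipv4 "$ipsource" || die "Invalid IP Source: $ipsource"
  if [ -n "$(rule_by_dest "$ipsource")" ]; then
    die "IP Source is already configured, please remove it before"
  fi
  printf 'IP Destination >> '
  read -r ipdestination
  is_ipv4 "$ipdestination" || die "Invalid IP Destination: $ipdestination"
  echo "-------------------------------"
  if ! confirm "Apply this Rules, Traffic destined $ipsource redirect to $ipdestination ?"; then
    echo "You have not validated, rules not add"
    exit 0
  fi
  "$IPTABLES" -t nat -A PREROUTING -d "$ipsource/32" -j DNAT --to "$ipdestination" \
    || die "iptables failed, rule not added"
  save_rules
  echo "Success Rules Apply"
}

#######################################
# Menu action 2: delete a PREROUTING rule by its number.
#######################################
delete_rule() {
  echo "== Delete Rules =="
  printf 'Rules numbers >> '
  read -r delrules
  is_uint "$delrules" || die "Invalid rule number: $delrules"
  rule=$(rule_by_number "$delrules")
  [ -n "$rule" ] || die "Rules not exist"
  # Columns of "iptables -L -n --line-numbers": num target prot opt source
  # destination [target options]; $6 is the destination, $7 the "to:" part.
  desc=$(printf '%s\n' "$rule" | awk '{ print "Traffic destined to " $6 " redirect " $7 }')
  if ! confirm "Delete this Rules, $desc ?"; then
    echo "You have not validated, rules not delete"
    exit 0
  fi
  "$IPTABLES" -t nat -D PREROUTING "$delrules" \
    || die "iptables failed, rule not deleted"
  save_rules
  echo "Success Rules Apply"
}

#######################################
# Entry point: sanity checks, network setup, then the interactive menu.
#######################################
main() {
  [ "$(id -u)" -eq 0 ] || die "this script must be run as root"
  is_ipv4 "$IP_PUBLIC" || die "IP_PUBLIC is not configured: $IP_PUBLIC"
  is_cidr "$IP_PRIVATE" || die "IP_PRIVATE is not configured: $IP_PRIVATE"

  setup_forwarding
  setup_snat

  echo "Rules policy in progress :"
  show_rules
  echo
  echo "Actions :"
  echo "+---+-----------------+"
  echo "| 1 | Add Rules       |"
  echo "+---+-----------------+"
  echo "| 2 | Delete Rules    |"
  echo "+---+-----------------+"
  echo "| 3 | List Rules      |"
  echo "+---+-----------------+"
  printf ' >> '
  read -r task

  case $task in
    0)
      # Undocumented option: prints the script's date stamp.
      echo "#############"
      echo "# 28/02/2010 #"
      echo "#############"
      ;;
    1)
      add_rule
      ;;
    2)
      delete_rule
      ;;
    3)
      echo "== List Rules =="
      show_rules
      ;;
    *)
      echo "---------------------------"
      die "Invalid selection"
      ;;
  esac
}

main "$@"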
Script : xen-nat.sh