Debian Etch And Xen From The Debian Repository
Version 1.0
Author: Michele Petrazzo "michele [dot] petrazzo [at] unipex [dot] it"
Last edit: Jan/27/2007
Preface
This how-to provides step-by-step instructions on how to install Xen on an already working Debian Etch system. You can find all the software used here in the Etch repository, so no external files or compilation are needed.
Installation
After logging in on a terminal (console or ssh), let's start with the kernel, libc (Xen version) and all the tools needed for making Xen work:
Here I use the vserver kernel because I am doing a complete installation and also need vserver. If you don't need vserver, simply use the linux-image-2.6-xen-686 kernel instead (the same name without the vserver string). If you don't know what vservers are, leave it as it is; it doesn't cause any problems!
xen-test:~# apt-get install linux-image-2.6-xen-vserver-686 xen-hypervisor-3.0.3-1-i386-pae xen-tools xen-linux-system-2.6.18-4-xen-vserver-686 linux-headers-2.6-xen-vserver-686 libc6-xen bridge-utils
We have now installed Xen with its patched kernel, all the tools for creating and modifying the images (Xen calls them domains) and the new libc6 with the Xen patch that removes the annoying TLS problem (see the Xen FAQ for more info).
If you have a CPU that supports hardware virtualization (see HVM Compatible Processors) and you want full virtualization of unmodified operating systems, such as Microsoft's Windows product line, and standard Linux kernels, you should install the xen-ioemu package:
xen-test:~# apt-get install xen-ioemu-3.0.3-1
If you want to use a graphical frontend for editing the Xen configuration file, install the xenman package (I don't cover its usage in this tutorial):
Pay attention that this software depends on a lot of GTK libraries, so the installation may require a lot of downloads!
xen-test:~# apt-get install xenman
We also need to add the loop module to the kernel every time we boot our system, so edit /etc/modules and add the loop module:
xen-test:~# vi /etc/modules
At the end add:
loop max_loop=64
Now it's time to reboot to use our new kernel and the new libc libraries!
xen-test:~# reboot
Configuration
OK. It's time to start using Xen, so we need to modify the network configuration. I chose the (simplest?) solution, which is to bridge my network interface with the Xen one:
xen-test:~# vi /etc/xen/xend-config.sxp
Go to about line 70 and uncomment the (network-script network-bridge) line:
#
# To bridge network traffic, like this:
#
# dom0: fake eth0 -> vif0.0 -+
#                            |
#                          bridge -> real eth0 -> the network
#                            |
# domU: fake eth0 -> vifN.0 -+
#
# use
#
(network-script network-bridge)
#
Inside this file you'll find a lot of other interesting configurations (like debug). Take a look into it!
Now restart the xend daemon to reload the new configuration:
xen-test:~# /etc/init.d/xend restart
And you will find three new virtual network cards:
xen-test:~# ifconfig | less
peth0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
*cut*
vif0.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
*cut*
xenbr0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
If you don't see the lines above, something is wrong: increase the debug level in the Xen configuration file, restart the xend daemon, and check the debug log to see what went wrong.
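A quick way to confirm the edits made so far (the loop entry, the uncommented network-script line and the three bridge interfaces), given as an added example that is not part of the original how-to. The function names and the sample files are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: verify the edits this how-to makes. Sample files are constructed.

# sxp_get FILE KEY: print the value of the last active (uncommented) "(KEY value)" line.
sxp_get() {
    sed -n "s/^[[:space:]]*($2[[:space:]][[:space:]]*\(.*\))[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# module_listed FILE NAME: succeed if NAME is the first word of an active line.
module_listed() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# check_xen_setup XEND_CONFIG MODULES [NET_DIR]: print OK/FAIL per check and
# return non-zero if any check fails. NET_DIR defaults to /sys/class/net.
check_xen_setup() {
    rc=0
    script=$(sxp_get "$1" network-script)
    if [ "$script" = "network-bridge" ]; then
        echo "OK   network-script is network-bridge"
    else
        echo "FAIL network-script is '${script:-unset}' (line still commented?)"
        rc=1
    fi
    if module_listed "$2" loop; then
        echo "OK   loop is listed in $2"
    else
        echo "FAIL loop is not listed in $2"
        rc=1
    fi
    for ifc in peth0 vif0.0 xenbr0; do
        if [ -e "${3:-/sys/class/net}/$ifc" ]; then
            echo "OK   interface $ifc exists"
        else
            echo "FAIL interface $ifc not found (xend restarted?)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input so the example runs on any machine.
demo=$(mktemp -d)
printf '%s\n' '#(loglevel DEBUG)' '#(network-script network-route)' \
    '(network-script network-bridge)' > "$demo/xend-config.sxp"
printf '%s\n' '# /etc/modules' 'loop max_loop=64' > "$demo/modules"
mkdir "$demo/net" "$demo/net/peth0" "$demo/net/vif0.0" "$demo/net/xenbr0"
check_xen_setup "$demo/xend-config.sxp" "$demo/modules" "$demo/net"
```

On the real system, call check_xen_setup /etc/xen/xend-config.sxp /etc/modules instead of the sample files.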
Edit the xen-tools configuration file to tell Xen that we have a different (up-to-date) kernel and a new directory where we store the domain files:
xen-test:~# vi /etc/xen-tools/xen-tools.conf
*at "dir" point, uncomment:*
dir = /home/xen
*at "kernel" and "initrd" point:*
kernel = /boot/vmlinuz-2.6.18-4-xen-vserver-686
initrd = /boot/initrd.img-2.6.18-4-xen-vserver-686
If you want, you can also change the various disk and size options, such as size, memory, swap, repository location and all the others.
Now create a new directory where we will store the domain files (I chose /home/xen):
xen-test:~# mkdir /home/xen
and create the first Xen domain:
Domain Creation
xen-test:~# xen-create-image --debootstrap --hostname xen-etch --dhcp --dist=etch
Here I chose to debootstrap and install the Debian Etch release with the hostname xen-etch. In my network I have a DHCP server, so I use that to assign the network settings to the new domain. If you don't have one, use --ip=my_new_address; for the gateway see --gateway.
See xen-create-image --help | less for more details.
If everything is ok, take a beer and wait some minutes...
ZZZzzz...
*cut*
Creating Xen configuration file
Done
All done
The beer is finished and so is the image creation :). It's time to start the new Xen domain:
Start The Xen Domain
xen-test:~# xm create /etc/xen/xen-etch.cfg
Using config file "/etc/xen/xen-etch.cfg".
Started domain xen-etch
xen-test:~# xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 358 1 r----- 315.5
xen-etch 2 128 1 ------ 3.7
Log in to your new Xen domain (ssh or xm console xen-etch) and enjoy!
The End
This tutorial is the simplest solution that I found to start with Debian Etch and Xen. I use only 5% of the available commands, so I leave to you the task of looking into all commands and their switches!
SOURCE: http://howtoforge.com/debian_etch_xen_from_debian_repository
Friday, October 12, 2007
Wednesday, October 10, 2007
Filter PING with iptables from all IPs except mine
Replace the word ip with a real IP address in the following lines:
iptables -A INPUT -p icmp -s ip -j ACCEPT
iptables -A INPUT -p icmp -j DROP
or it can also be done in a single line as follows:
iptables -A INPUT -p icmp ! -s ip -j DROP
where ip must be replaced with the IP of the PC whose pings you actually want answered.
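The two-rule variant above as a small rule generator, added here as an example (not from the original post). It goes slightly beyond the post by matching only echo-request, so other ICMP messages are left alone, and it rejects anything that is not a dotted-quad IPv4 address before it reaches the iptables command line. The function names and the 192.0.2.10 sample address are assumptions.

```sh
#!/bin/sh
# Added example: build the allow-then-drop pair for one trusted IPv4 address.
# Rules are printed, not applied; run the printed lines as root to apply them.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ping_allow_rules ADDR: print the rules that answer ping from ADDR only.
ping_allow_rules() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    # Order matters with -A (append): the ACCEPT must come before the DROP,
    # because the first matching rule decides what happens to the packet.
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -s $1 -j ACCEPT"
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -j DROP"
}

# 192.0.2.10 is a constructed sample address from the documentation range.
ping_allow_rules 192.0.2.10
```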
---------------------------------------------------------------------
Something easier to filter ping, but from any IP. Run:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
To re-enable ping, just change the 1 to a 0.