authorEelco Dolstra <eelco.dolstra@logicblox.com>2010-05-20 21:07:32 +0000
committerEelco Dolstra <eelco.dolstra@logicblox.com>2010-05-20 21:07:32 +0000
commit4dac9e581461f1aadf552c1237f6e21e09c05919 (patch)
treeaa8250710ac538903d04e81a29b05079ba93f716 /tests/nat.nix
parent85bd5bad32906698a82626ee9f5a1704ac1db588 (diff)
* Allow more complex network topologies in distributed tests. Each
  machine can now declare an option `virtualisation.vlans' that causes
  it to have network interfaces connected to each listed virtual
  network.  For instance,

    virtualisation.vlans = [ 1 2 ];

  causes the machine to have two interfaces (in addition to eth0, used
  by the test driver to control the machine): eth1 connected to
  network 1 with IP address 192.168.1.<i>, and eth2 connected to
  network 2 with address 192.168.2.<i> (where <i> is the index of the
  machine in the `nodes' attribute set).  On the other hand,
  
    virtualisation.vlans = [ 2 ];

  causes the machine to only have an eth1 connected to network 2 with
  address 192.168.2.<i>.  So each virtual network <n> is assigned the
  IP range 192.168.<n>.0/24.

  Each virtual network is implemented using a separate multicast
  address on the host, so guests really cannot talk to networks to
  which they are not connected.

* Added a simple NAT test to demonstrate this.

* Added an option `virtualisation.qemu.options' to specify QEMU
  command-line options.  Used to factor out some commonality between
  the test driver script and the interactive test script.

svn path=/nixos/trunk/; revision=21928
Diffstat (limited to 'tests/nat.nix')
-rw-r--r--tests/nat.nix55
1 files changed, 55 insertions, 0 deletions
diff --git a/tests/nat.nix b/tests/nat.nix
new file mode 100644
index 00000000000..611a4ff1325
--- /dev/null
+++ b/tests/nat.nix
@@ -0,0 +1,55 @@
+# This is a simple distributed test involving a topology with two
+# separate virtual networks - the "inside" and the "outside" - with a
+# client on the inside network, a server on the outside network, and a
+# router connected to both that performs Network Address Translation
+# for the client.
+
+{ pkgs, ... }:
+
+{
+
+  nodes =
+    { client = 
+        { config, pkgs, ... }:
+        { virtualisation.vlans = [ 1 ];
+          networking.defaultGateway = "192.168.1.2"; # !!! ugly
+        };
+
+      router = 
+        { config, pkgs, ... }:
+        { virtualisation.vlans = [ 2 1 ];
+          environment.systemPackages = [ pkgs.iptables ];
+        };
+
+      server = 
+        { config, pkgs, ... }:
+        { virtualisation.vlans = [ 2 ];
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+        };
+    };
+
+  testScript =
+    ''
+      startAll;
+
+      # The router should have access to the server.
+      $server->waitForJob("httpd");
+      $router->mustSucceed("curl --fail http://server/ >&2");
+
+      # But the client shouldn't be able to reach the server.
+      $client->mustFail("curl --fail --connect-timeout 5 http://server/ >&2");
+
+      # Enable NAT on the router.
+      $router->mustSucceed(
+          "iptables -t nat -F",
+          "iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT",
+          "iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.2", # !!! ugly
+          "echo 1 > /proc/sys/net/ipv4/ip_forward"
+      );
+
+      # Now the client should be able to connect.
+      $client->mustSucceed("curl --fail http://server/ >&2");
+    '';
+
+}
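Review bot: The SNAT rule in the "Enable NAT on the router" step matches on source address only, so it rewrites any packet from 192.168.1.0/24 whichever interface it leaves by, and the ACCEPT rule before it exists only to exempt inside-to-inside traffic. Binding the rule to the outside interface states the intent directly and makes that exemption unnecessary: `iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.2`. Here `eth1` assumes interfaces are numbered in `virtualisation.vlans` list order, as the commit message describes, so `[ 2 1 ]` puts network 2 on eth1; please confirm. The script also turns on `ip_forward` without setting any FORWARD policy, and it only asserts the outbound path. A comment such as `# forwarding is unrestricted here; a real gateway would also filter the FORWARD chain` would stop readers from copying this as a complete NAT setup.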