
[Xen-devel] Fwd: [Xen-users] firewall domU

  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: "Thiago Camargo Martins Cordeiro" <thiagocmartinsc@xxxxxxxxx>
  • Date: Thu, 18 Dec 2008 15:56:21 -0200
  • Delivery-date: Thu, 18 Dec 2008 09:57:59 -0800
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Forwarding to the list:

---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>


 I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.

 In dom0, my public eth0 IP is, is the gateway of public network. My private eth1 IP is

 Create the file /etc/xen/scripts/network-bridge-wrapper with:

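#!/bin/sh
# Run the stock network-bridge script once per physical NIC; xend passes start/stop as $1.
/etc/xen/scripts/network-bridge "$1" netdev=eth0
/etc/xen/scripts/network-bridge "$1" netdev=eth1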

 In /etc/xen/xend-config.sxp change the line:

(network-script network-bridge)

 to:

(network-script network-bridge-wrapper)  # ...and restart xendomains / xend.

 In your domU firewall configuration file, "vif" must be like this:

grep vif /etc/xen/firewall01.cfg:
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]

 So you will have two ethernets in your domU firewall, each of them connected to its respective public/private bridge.

 In your domU eth0, configure the public IP with gateway (the same gateway of dom0) and in your domU eth1, configure the IP; this will be the gateway for all your domUs, living on the same hypervisor or not (it's a bridge, remember). Ah! You do not need an interface for each domU...

  I hope this helps you in your scenario.


2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement the following scenario .. please look at the png attachment

Main Question:
How do I set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? Do we even need an interface for each connected domU?

thanks in advance
merry xmas
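
Added example, not part of the original messages: a shell check that audits domU configuration files for the layout described in the reply above, so that only the firewall domU has a vif on the public bridge. It assumes single-line vif entries and the bridge names eth0 (public) and eth1 (private) from the post; the guest configs web01.cfg and misconf01.cfg are constructed.

```shell
#!/bin/sh
# Added example: only the firewall domU may have a vif on the public bridge.
# Assumed: bridge names taken from the post's vif line; single-line vif entries.
PUBLIC_BR=eth0
PRIVATE_BR=eth1

# Print the bridge of every vif in a domU config file, one per line.
vif_bridges() {
    grep -E '^[[:space:]]*vif[[:space:]]*=' "$1" |
        grep -oE "bridge=[^],' ]+" | cut -d= -f2
}

# audit_domu FILE ROLE, where ROLE is "firewall" or "guest".
# Prints a finding and returns 1 when the layout is violated, else returns 0.
audit_domu() {
    cfg=$1; role=$2
    bridges=$(vif_bridges "$cfg")
    case $role in
    firewall)
        # The firewall needs one vif on each bridge to sit between them.
        for b in "$PUBLIC_BR" "$PRIVATE_BR"; do
            printf '%s\n' "$bridges" | grep -qx "$b" || {
                echo "$cfg: firewall has no vif on bridge $b"; return 1; }
        done ;;
    guest)
        # A guest vif on the public bridge is reachable without passing the firewall.
        if printf '%s\n' "$bridges" | grep -qx "$PUBLIC_BR"; then
            echo "$cfg: guest attached to public bridge $PUBLIC_BR"; return 1
        fi ;;
    esac
    return 0
}

# Constructed samples: the firewall vif line is the one from the post,
# the two guest configs are made up for this example.
make_samples() {
    mkdir -p "$1"
    echo "vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]" > "$1/firewall01.cfg"
    echo "vif = [ 'mac=00:16:3e:00:00:01, bridge=eth1' ]" > "$1/web01.cfg"
    echo "vif = [ 'mac=00:16:3e:00:00:02, bridge=eth0' ]" > "$1/misconf01.cfg"
}

d=$(mktemp -d); make_samples "$d"
audit_domu "$d/firewall01.cfg" firewall || true
for g in web01 misconf01; do audit_domu "$d/$g.cfg" guest || true; done
rm -rf "$d"
```

Run against the samples, only misconf01.cfg produces a finding; pointing audit_domu at the real files under /etc/xen gives the same check for a live host.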

