[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Fwd: [Xen-users] firewall domU


  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: "Thiago Camargo Martins Cordeiro" <thiagocmartinsc@xxxxxxxxx>
  • Date: Thu, 18 Dec 2008 15:56:21 -0200
  • Delivery-date: Thu, 18 Dec 2008 09:57:59 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=gN2ckSK2n+sAKQJlGR8pZ6GadxZnzmTaOkPhzAp7NFlGkpZky4rHYnF4BmE+svTm72 jnQr2IGOXdtwFz44r5g0CaVqlvrxGW2vnCLijbT7fVrET5DjDZp45eIKgLJIwz6Wa2Rd bLBJfJdJUjwDrLK4jcQmBJw/EiHtO4f8b2Hdo=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

forwardind to the list:

---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>


Zeller,

 I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.

 In dom0, my public eth0 IP is 200.1.2.2/28, 200.1.2.1 is the gateway of public network. My private eth1 IP is 192.168.1.1/24.

 Create the file /etc/xen/scripts/network-bridge-wrapper with:

#!/bin/sh
/etc/xen/scripts/network-bridge $1 netdev=eth0
/etc/xen/scripts/network-bridge $1 netdev=eth1

 In /etc/xen/xend-config.sxp change the line:
(network-script network-bridge)

 to:
(network-script network-bridge-wrapper)  # ...and restart xendomains / xend.

 In your domU firewall configuration file, "vif" must be like this:

grep vif /etc/xen/firewall01.cfg:
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]

 So you will have two ethernets in your domU firewall, each of it connected to it's relative public/private bridge.

 In your domU eth0, configure the public IP 200.1.2.3/28 with gateway 200.1.2.1 (the same gateway of dom0) and in your domU eth1, configure the IP 192.168.1.254/25, this will be the gateway for all your domUs. Living on the same hypervisor or not (it's a bridge remember). Ah! You do not need an interface for each domU...

  I hope help you in your scenario.

Regards,
Thiago

2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement following scenario .. please look at the png attachment

Main Question:
how do i set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? do we even need an interface for each connected domU?

thanks in advance
merry xmas

Max


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.