Re: [Xen-users] Ideal(istic) Xen firewall design

Hi folks,

I would like to throw my bits and pieces into the discussion. Since I am not a network geek when it comes to complex scenarios, I would be happy if you could comment on my way to do it.

My goal:
Have a base system (xen0) that works as a firewall and router. It has an external interface (eth0, ppp0) for DSL and several interfaces for internal networks. It should also be the firewall and router for at least 2 guest systems (domU). I set up firewalling and routing with Shorewall since that comes in more handy than configuring netfilter directly (I think).

Next I created a dummy interface and connected it to the bridge xen-br0. Concerning ifconfig and brctl, that works. Via Shorewall I configured the dummy interface as a zone of its own like a local zone, with netfiltering and routing according to a standard local zone. The idea was handling the network of the guest systems like an internal hardware network segment that is connected to the firewall.

Any ideas so far? Any comments, cries or wrought hands?

I cannot test network connections of the guest system since it does not start due to an error I have not found documented anywhere – I hope that has nothing to do with the networking part – but I am impatient and would like to know what the geeks think of this concept.

