|
Hello,
I am new to Xen and
is trying a confugration that simulates a firewall
environment.
My target environment is to setup three bridges:
one for Wan (xen-br0), one for DMZ (xbrdmz) and one for Lan
(xbrlan)
The three subnet are as follows:
Wan: 192.168.21.0/24
Dmz: 192.168.22.0/24
Lan: 192.168.23.0/24
I use xen3.0 and FC4 for both dom0 and
domU.
My machine currently has one Nic, eth0, and I
ensalve it into the Wan bridge xen-br0.
Dom0 has the IP address 192.168.21.11. I have two
domU in DMZ with IP 192.168.22.15,
192.168.22.16).
I use NAT 192.168.21.15 -> 192.168.22.15 and
192.168.21.16 -> 192.168.22.16 so that the PC from Wan can access
the PC.
Most of the things work fine. I can ping dom0 and
the two domU and vice versa. I can ssh from dom0 and domU and vice versa and I
can ssh from PC on Wan to dom0.
The only problem is that I cannot ssh from PC on
Wan to domU.
I have tried another setup. If I don't use the Wan
bridge ( xen-br0 ) and just use the eth0 and the Dmz bridge (xbrdmz), everything
works perfectly. (I can ssh from PC on Wan to domU also).
However, I still want to have the Wan bridge cause
I can add some domU in Wan subnet (so that I can say, add some IDS domU to Wan
bridge).
I have searched the mailing list and find a similar
case is:
I have tried the NOTRACK option but still can
help in my case.
Just wonder anyone has setup similar
environment?
Thanks alot.
| 
