
[Xen-users] shorewall config



Hi *

In xend-config.sxp I have:

********************************
(network-script network-route)
(vif-bridge xen-br0)
(vif-script vif-bridge)
********************************

and in /etc/network/interfaces

*********************************
iface eth0 inet static
   address 0.0.0.0

auto xen-br0
iface xen-br0 inet static
  pre-up ifconfig eth0 up
  pre-up brctl addbr xen-br0
  pre-up brctl addif xen-br0 eth0
  address xxx.xxx.xxx.xx
  netmask xxx.xxx.xxx.xxx
  gateway xxx.xxx.xxx.xx
  bridge_fd 0
  bridge_hello 0
  bridge_stp off
*********************************

I'm trying to configure shorewall on this machine:

/etc/shorewall/interfaces:
***************************************************
net     eth0            detect          routeback
-       xen-br0         -               -
***************************************************

/etc/shorewall/zones:
***************************************************
fw      firewall        #Domain 0
xen     ipv4            #Domain 0 on the bridge
dmz     ipv4            #other domains
net     ipv4
***************************************************

/etc/shorewall/hosts:
***************************************************
ursa    xen-br0:vif0.0
dmz     xen-br0:vif+
net     xen-br0:peth0
***************************************************

So, the problem is that I don't have peth0 (maybe because I'm using
network-route).
In fact, if I try to contact dom0 or any domU, in the log I see:

Shorewall:FORWARD:REJECT:IN=xen-br0 OUT=xen-br0 PHYSIN=eth0 PHYSOUT=vif1.0

How can I intercept packets from eth0 in this case? :((
The "net" interface seems to ignore eth0.

-- 
Davide Corio                                   davide.corio@xxxxxxxxxxxx
Redomino S.r.l.            C.so Monte Grappa 90/b - 10145 Torino - Italy
Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/
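
An added example, not part of the original post: a Python check that takes the bridge-port entries from the posted /etc/shorewall/hosts and reports which of them cover the PHYSIN and PHYSOUT ports in the rejected packet's log line. The function names are hypothetical, the input is copied from the message above, and the only matching rule assumed is Shorewall's trailing `+` interface wildcard.

```python
import re

# Copied from the post: /etc/shorewall/hosts and the rejected-packet log line.
HOSTS = """\
ursa    xen-br0:vif0.0
dmz     xen-br0:vif+
net     xen-br0:peth0
"""
LOG = "Shorewall:FORWARD:REJECT:IN=xen-br0 OUT=xen-br0 PHYSIN=eth0 PHYSOUT=vif1.0"


def parse_hosts(text):
    """Return [(zone, bridge, port_pattern)] for each 'zone bridge:port' line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        zone, host = line.split()[:2]
        bridge, _, port = host.partition(":")
        entries.append((zone, bridge, port))
    return entries


def port_matches(pattern, port):
    """A trailing '+' in an interface name matches any name with that prefix."""
    if pattern.endswith("+"):
        return port.startswith(pattern[:-1])
    return pattern == port


def zones_for(entries, bridge, port):
    """All zones whose hosts entry covers this port on this bridge."""
    return [z for z, br, pat in entries if br == bridge and port_matches(pat, port)]


def classify(log_line, entries):
    """Map the bridge ports named in a netfilter log line to hosts-file zones."""
    f = dict(re.findall(r"(\w+)=(\S+)", log_line))
    return {
        "in_port": f.get("PHYSIN"),
        "in_zones": zones_for(entries, f["IN"], f.get("PHYSIN", "")),
        "out_port": f.get("PHYSOUT"),
        "out_zones": zones_for(entries, f["OUT"], f.get("PHYSOUT", "")),
    }


if __name__ == "__main__":
    print(classify(LOG, parse_hosts(HOSTS)))
```

An empty `in_zones` list means no hosts entry names the port the packet arrived on, which is the case for PHYSIN=eth0 with the entries above.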

