
Fwd: [Xen-users] firewall domU


  • To: "XEN Mailing List" <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Thiago Camargo Martins Cordeiro" <thiagocmartinsc@xxxxxxxxx>
  • Date: Thu, 18 Dec 2008 15:56:41 -0200
  • Delivery-date: Thu, 18 Dec 2008 09:59:17 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Forwarding to the list again:

---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>


Zeller,

 I forgot to say that in your www and mail domUs, its eth0 will be connected to "bridge=eth1"!

 Like this:
grep vif /etc/xen/mail01.cfg
vif         = [ 'mac=00:01:64:WW:YY:XX, bridge=eth1' ]

Thiago

2008/12/18 Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>

Zeller,

 I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.

 In dom0, my public eth0 IP is 200.1.2.2/28; 200.1.2.1 is the gateway of the public network. My private eth1 IP is 192.168.1.1/24.

 Create the file /etc/xen/scripts/network-bridge-wrapper with:

#!/bin/sh
/etc/xen/scripts/network-bridge $1 netdev=eth0
/etc/xen/scripts/network-bridge $1 netdev=eth1

 In /etc/xen/xend-config.sxp change the line:
(network-script network-bridge)

 to:
(network-script network-bridge-wrapper)  # ...and restart xendomains / xend.

 In your domU firewall configuration file, "vif" must be like this:

grep vif /etc/xen/firewall01.cfg
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]

 So you will have two ethernets in your domU firewall, each of them connected to its relative public/private bridge.

 In your domU eth0, configure the public IP 200.1.2.3/28 with gateway 200.1.2.1 (the same gateway as dom0), and in your domU eth1, configure the IP 192.168.1.254/25; this will be the gateway for all your domUs, living on the same hypervisor or not (it's a bridge, remember). Ah! You do not need an interface for each domU...

  I hope this helps you in your scenario.

Regards,
Thiago

2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement the following scenario .. please look at the png attachment

Main Question:
How do I set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? Do we even need an interface for each connected domU?

thanks in advance
merry xmas

Max


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
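
Added example, not part of the thread or of any poster's setup: a small check that the vif lines of a set of domU configs match the layout described above, where only the firewall domU sits on the public bridge (eth0) and every other guest is attached to the private bridge (eth1). The function names and the www01/db01 sample configs are hypothetical and constructed for illustration.

```python
import ast

PUBLIC_BRIDGE = "eth0"   # bridge on the public NIC, as in the thread
PRIVATE_BRIDGE = "eth1"  # bridge on the private NIC, as in the thread

def vif_bridges(cfg_text):
    """Return the bridge named by each vif of a domU config (None if unset)."""
    bridges = []
    for node in ast.parse(cfg_text).body:  # xm config files use Python syntax
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "vif" for t in node.targets):
            bridges = []  # a later "vif =" line overrides an earlier one
            for spec in ast.literal_eval(node.value):  # parsed, never executed
                opts = dict(kv.strip().split("=", 1)
                            for kv in spec.split(",") if "=" in kv)
                bridges.append(opts.get("bridge"))
    return bridges

def audit(configs, firewalls):
    """configs: {domU name: config text}; firewalls: domUs allowed on the public bridge."""
    findings = []
    for name, text in sorted(configs.items()):
        bridges = vif_bridges(text)
        if None in bridges:
            findings.append((name, "vif without an explicit bridge="))
        if name in firewalls:
            for needed in (PUBLIC_BRIDGE, PRIVATE_BRIDGE):
                if needed not in bridges:
                    findings.append((name, "firewall has no vif on " + needed))
        elif PUBLIC_BRIDGE in bridges:
            findings.append((name, "on public bridge " + PUBLIC_BRIDGE
                             + ", not behind the firewall"))
    return findings

# Constructed sample configs: the first two vif lines are the ones quoted in
# the thread; www01 and db01 are made-up misconfigurations.
SAMPLE = {
    "firewall01": "vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', "
                  "'mac=00:01:64:9b:b5:1b, bridge=eth1' ]\n",
    "mail01": "vif = [ 'mac=00:01:64:WW:YY:XX, bridge=eth1' ]\n",
    "www01": "vif = [ 'mac=00:16:3e:00:00:01, bridge=eth0' ]\n",
    "db01": "memory = 256\nvif = [ 'mac=00:16:3e:00:00:02' ]\n",
}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE, {"firewall01"}):
        print(name + ": " + problem)
```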


