WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] Ideal(istic) Xen firewall design

Hi folks,

I would like to throw my bits and pieces into the discussion. Since I am not a network geek when it comes to complex scenarios, I would be happy if you could comment on my way of doing it.

My goal:
Have a base system (xen0) that works as a firewall and router. It has an external interface (eth0, ppp0) for DSL and several interfaces for internal networks. It should also be the firewall and router for at least 2 guest systems (domU). I set up firewalling and routing with Shorewall since that comes in more handy than configuring netfilter directly (I think).

Next I created a dummy interface and connected it to the bridge xen-br0. Concerning ifconfig and brctl, that works. Via Shorewall I configured the dummy interface as a zone of its own like a local zone, with netfiltering and routing according to a standard local zone. The idea was handling the network of the guest systems like an internal hardware network segment that is connected to the firewall.

Any ideas so far? Any comments, cries or wrought hands?

I cannot test network connections of the guest system since it does not start due to an error I have not found documented anywhere – I hope that has nothing to do with the networking part – but I am impatient and would like to know what the geeks think of this concept.

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users