xen-users
Re: [Xen-users] Ideal(istic) Xen firewall design
Hi folks,
I would like to throw my bits and pieces into the discussion. Since I am
not a network geek when it comes to complex scenarios I would be happy
if you could comment on my way to do it.
My goal:
Have a base system (xen0) that works as a firewall and router. It has an
external interface (eth0, ppp0) for DSL and several interfaces for
internal networks.
It should also be the firewall and router for at least 2 guest systems
(domU).
I set up firewalling and routing with shorewall since that comes in more
handy than configuring netfilter directly (I think).
Next I created a dummy interface and connected it to the bridge xen-br0.
Concerning ifconfig and brctl, that works. Via Shorewall I configured
the dummy interface as a zone of its own like a local zone, with
netfiltering and routing according to a standard local zone.
The idea was handling the network of the guest systems like an internal
hardware network segment that is connected to the firewall.
Any ideas so far? Any comments, cries or wrought hands?
I cannot test network connections of the guest system since it does not
start due to an error I have not found documented anywhere – I hope that
has nothing to do with the networking part – but I am impatient and
would like to know what the geeks think of this concept.
Dirk
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users