WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] shorewall config

To: Xen Users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] shorewall config
From: Davide Corio <davide.corio@xxxxxxxxxxxx>
Date: Wed, 15 Mar 2006 15:20:12 +0100
Delivery-date: Wed, 15 Mar 2006 14:21:35 +0000

Hi *

In xend-config.sxp I have:

********************************
(network-script network-route)
(vif-bridge xen-br0)
(vif-script vif-bridge)
********************************

and in /etc/network/interfaces:

*********************************
iface eth0 inet static
   address 0.0.0.0

auto xen-br0
iface xen-br0 inet static
  pre-up ifconfig eth0 up
  pre-up brctl addbr xen-br0
  pre-up brctl addif xen-br0 eth0
  address xxx.xxx.xxx.xx
  netmask xxx.xxx.xxx.xxx
  gateway xxx.xxx.xxx.xx
  bridge_fd 0
  bridge_hello 0
  bridge_stp off
*********************************

I'm trying to configure shorewall on this machine:

/etc/shorewall/interfaces:
***************************************************
net     eth0            detect          routeback
-       xen-br0         -               -
***************************************************

/etc/shorewall/zones:
***************************************************
fw      firewall        #Domain 0
xen     ipv4            #Domain 0 on the bridge
dmz     ipv4            #other domains
net     ipv4
***************************************************

/etc/shorewall/hosts:
***************************************************
ursa    xen-br0:vif0.0
dmz     xen-br0:vif+
net     xen-br0:peth0
***************************************************

So, the problem is that I don't have peth0 (maybe because I'm using
network-route).
In fact, if I try to contact dom0 or any domU, in the log I see:

Shorewall:FORWARD:REJECT:IN=xen-br0 OUT=xen-br0 PHYSIN=eth0 PHYSOUT=vif1.0

How can I intercept packets from eth0 in this case? :((
The "net" interface seems to ignore eth0.

-- 
Davide Corio                                   davide.corio@xxxxxxxxxxxx
Redomino S.r.l.            C.so Monte Grappa 90/b - 10145 Torino - Italy
Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
