This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] xen bridging firewall problem

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] xen bridging firewall problem
From: Scott Hadfield <hadfield@xxxxxxxxxxxxxx>
Date: Tue, 01 Aug 2006 22:48:52 -0700
Sorry if this is a duplicate... I've been having some problems with my
mail client and wasn't sure if this went through the first time.


Hi all,

I'm having some problems configuring a DomU bridging firewall with Xen,
and I was hoping someone here could help. Hopefully I'm just doing
something foolish here that can be easily fixed :). Here's my setup:

In my firewall domain I have two interfaces, one attached to xenbr0
(of which peth0 is a member), and the other attached to dumbr0 (of which
dummy0 is a member). My other DomU, which is supposed to connect via my
firewall, has one interface, attached to dumbr0. I'm not sure if I
actually need the dummy0 interface, but it seemed like the right thing
to do ;-).

$ brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.feffffffffff       no              vif0.0
dumbr0          8000.12615a37fb1a       no              dummy0

firewall config:
vif      = [ 'bridge=xenbr0', 'bridge=dumbr0' ]

otherdomU config:
vif      = [ 'bridge=dumbr0' ]

In otherdomU I can ping the firewall, I can ping the gateway, and I can
ping hosts outside of the gateway, including the nameserver. However,
otherdomU can't resolve any domain names (yes, resolv.conf is set
properly). I can ssh to my firewall from otherdomU, but I can't ssh to
other servers in the same network even when I specify the IP address.

Any ideas?

Thanks for any help!
