WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Fwd: [Xen-users] firewall domU

To: "XEN Mailing List" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Fwd: [Xen-users] firewall domU
From: "Thiago Camargo Martins Cordeiro" <thiagocmartinsc@xxxxxxxxx>
Date: Thu, 18 Dec 2008 15:56:41 -0200
Forwarding to the list again:

---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>


Zeller,

 I forgot to say that in your www and mail domUs, its eth0 will be connected to "bridge=eth1"!

 Like this:
grep vif /etc/xen/mail01.cfg
vif         = [ 'mac=00:01:64:WW:YY:XX, bridge=eth1' ]

Thiago

2008/12/18 Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>

Zeller,

 I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.

 In dom0, my public eth0 IP is 200.1.2.2/28, 200.1.2.1 is the gateway of public network. My private eth1 IP is 192.168.1.1/24.

 Create the file /etc/xen/scripts/network-bridge-wrapper with:

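#!/bin/sh
# Run the stock network-bridge script once per physical NIC,
# passing through the action argument (start/stop) given by xend.
/etc/xen/scripts/network-bridge "$1" netdev=eth0
/etc/xen/scripts/network-bridge "$1" netdev=eth1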

 In /etc/xen/xend-config.sxp change the line:
(network-script network-bridge)

 to:
(network-script network-bridge-wrapper)  # ...and restart xendomains / xend.

 In your domU firewall configuration file, "vif" must be like this:

grep vif /etc/xen/firewall01.cfg
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]

 So you will have two ethernets in your domU firewall, each of them connected to its relative public/private bridge.

 In your domU eth0, configure the public IP 200.1.2.3/28 with gateway 200.1.2.1 (the same gateway as dom0), and in your domU eth1, configure the IP 192.168.1.254/25; this will be the gateway for all your domUs, living on the same hypervisor or not (it's a bridge, remember). Ah! You do not need an interface for each domU...

  I hope this helps you in your scenario.

Regards,
Thiago

2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement the following scenario... please look at the png attachment

Main Question:
How do I set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? Do we even need an interface for each connected domU?

thanks in advance
merry xmas

Max


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
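
Added example, not part of the original thread: a check over domU config files for the layout described above, where only the firewall domU has a vif on the public bridge (eth0) and every other domU sits on the private bridge (eth1). The file names www01.cfg/mail01.cfg contents, the MACs for them, the function names and the assumption that each vif list is written on a single line are all constructed for this example.

```python
import re

# Constructed sample configs modelled on the vif lines in the thread
# (the www01/mail01 MACs are made up; www01 is deliberately misconfigured).
SAMPLE_CFGS = {
    "firewall01.cfg": "vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]\n",
    "mail01.cfg": "vif         = [ 'mac=00:01:64:00:00:01, bridge=eth1' ]\n",
    "www01.cfg": "vif = [ 'mac=00:01:64:00:00:02, bridge=eth0' ]  # misconfigured\n",
}

# Assumption: the vif list sits on one line; commented-out lines do not match.
VIF_LINE = re.compile(r"^\s*vif\s*=\s*\[(.*)\]", re.M)
QUOTED = re.compile(r"""(['"])(.*?)\1""")

def vif_bridges(cfg_text):
    """Return the bridge named in each vif entry, in order (None if unset)."""
    m = VIF_LINE.search(cfg_text)
    if not m:
        return []
    bridges = []
    for _, spec in QUOTED.findall(m.group(1)):
        opts = dict(kv.strip().split("=", 1) for kv in spec.split(",") if "=" in kv)
        bridges.append(opts.get("bridge"))
    return bridges

def audit(cfgs, firewalls, public_bridge="eth0", private_bridge="eth1"):
    """Flag domUs whose vif layout bypasses or breaks the firewall layout."""
    findings = []
    for name, text in sorted(cfgs.items()):
        bridges = vif_bridges(text)
        if name in firewalls:
            if public_bridge not in bridges or private_bridge not in bridges:
                findings.append((name, "firewall domU must have a vif on both bridges"))
        else:
            if public_bridge in bridges:
                findings.append((name, "attached to public bridge, bypasses firewall"))
            if None in bridges:
                findings.append((name, "vif has no explicit bridge="))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CFGS, firewalls={"firewall01.cfg"}):
        print(f"{name}: {issue}")
```
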


