WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

Re: [Xen-users] Ideal(istic) Xen firewall design

To: Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Ideal(istic) Xen firewall design
From: Nicholas Lee <emptysands@xxxxxxxxx>
Date: Sat, 13 Aug 2005 15:11:29 +1200
Cc: bgb@xxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
On 8/12/05, Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx> wrote:
> 
> I understand from various postings that I need to manually create the
> extra bridges before bringing up the Firewall domain.
> I guess I could do that in a number of ways,
> but is there a 'Xen approved' method?

I'm not doing the firewall with Xen thing yet, but this is what I've
done for both Xen and UML for my 'virtual internal' networks:

/etc/network/interfaces
auto internal-br
iface internal-br inet static
        address 10.1.0.254
        netmask 255.255.0.0
        network 10.1.0.0
        broadcast 10.1.255.255
        bridge_ports eth1
        bridge_fd 0
        bridge_hello 1
        bridge_stp off
        up route add -net 192.168.1.0/24 gw  10.1.0.1
        down route del -net 192.168.1.0/24 gw  10.1.0.1

Note, in your setup you might use dummy0/1 instead of eth1 in the
above.  I leave the default xen-br to xen itself to configure.

I used dummy interfaces successfully with UML; I'm not sure how well
they would work with Xen.  Single processor Xen seems to have
performance issues with networking between virtual domUs on the same
host.

-- 
Nicholas Lee
http://stateless.geek.nz
gpg 8072 4F86 EDCD 4FC1 18EF  5BDD 07B0 9597 6D58 D70C
