WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-users

Re: [Xen-users] firewall xenU woes (help would be appreciated)

To: Adam Tworkowski <adam@xxxxxxxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] firewall xenU woes (help would be appreciated)
From: "Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx>
Date: Mon, 29 Aug 2005 08:54:20 +0200
Delivery-date: Mon, 29 Aug 2005 06:52:23 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1125245716.28499.42.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <1125245716.28499.42.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
Adam Tworkowski wrote:

Hi,

Could someone please help me out with networking my firewall-on-xenU
configuration.  I have combed the list archives for posts on similar
configurations and on getting bridging working properly, but I am stuck and
generally confused.  I am trying to achieve the scenario below (ASCII art
borrowed from a previous thread).

              +------------------------+
              | physical machine, dom0 |
              |   +---------------+    |
-- Internet -------+ Firewall domU +--------- Intranet
              |   +------+--------+    |
              |          |             |
              |          |   DMZ       |
              |    +-----+------+      |
              |    |            |      |
              | +--+--+      +--+--+   |
              | |domU1|      |domU2|   |
              | +-----+      +-----+   |
              +------------------------+

So far:

- physical ethernet device (will be two later) hidden from dom0 (no issue)

- domU (fw) using ethernet device -- has access to internet on eth0 (no issue)

- domU1 and domU2 can only see domU when using bridge=xen-br0, although it
appears that only one of the two can be active, as if both are pinging domU there
is much packet.  Using vif = ['mac=xx.xx..., bridge=xen-br0'].

Should domU1 and domU2 be using xen-br0 at all, or should this only be
for domU, with the former using xen-br1 and xen-br2 respectively?

- I have attempted to have domU1 use vif = ['backend=fw'] without success

- I have also attempted to create xen-br1 and xen-br2 and have the non-fw domUs
use these: vif = ['bridge=xen-br1']

I am using a similar design (in my case the firewall still is in dom0, but that should not make a principal difference). I set up a separate bridge for every domU and connected each domU to its bridge.

The firewall sees every bridge as the gateway to an internal subnet (so every domU is an additional Intranet seen from the perspective of the firewall). Now you only have to set up filter rules for iptables to allow/disallow connections between domUs and domU/Internet etc.

Hope that helps.

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
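The per-bridge layout Dirk describes, as an added example that is not part of the original thread: an iptables script for the firewall domain that treats each bridge as its own subnet and forwards only the flows listed explicitly. Interface names, subnets and host addresses are constructed assumptions, and the script prints the rules instead of applying them unless DRY_RUN=0.

```shell
#!/bin/sh
# Firewall domU with one vif per bridge; each bridge is its own internal subnet.
# Constructed example layout (interface names and addresses are assumptions):
#   eth0            -> Internet (the physical NIC hidden from dom0)
#   eth1 on xen-br1 -> 10.0.1.0/24, domU1 (DMZ), web server 10.0.1.10
#   eth2 on xen-br2 -> 10.0.2.0/24, domU2 (DMZ), database 10.0.2.20
#   eth3 on xen-br3 -> 192.168.1.0/24, Intranet
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the rules; DRY_RUN=0 as root applies them
rule() {
    if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}

# Default-deny forwarding; only replies to already allowed flows pass automatically.
base_policy() {
    rule -P FORWARD DROP
    rule -F FORWARD
    rule -t nat -F
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# allow_out IFACE SUBNET: one bridge's subnet may open connections to the Internet
allow_out() {
    rule -A FORWARD -i "$1" -s "$2" -o eth0 -j ACCEPT
}

# allow_to SRC_IF SRC_NET DST_IF DST_HOST PROTO PORT: one subnet to one service on another
allow_to() {
    rule -A FORWARD -i "$1" -s "$2" -o "$3" -d "$4" -p "$5" --dport "$6" -j ACCEPT
}

# publish DST_IF DST_HOST PORT: expose one DMZ TCP service to the Internet via DNAT
publish() {
    rule -t nat -A PREROUTING -i eth0 -p tcp --dport "$3" -j DNAT --to-destination "$2:$3"
    rule -A FORWARD -i eth0 -o "$1" -d "$2" -p tcp --dport "$3" -j ACCEPT
}

apply_all() {
    base_policy
    rule -t nat -A POSTROUTING -o eth0 -j MASQUERADE        # hide internal subnets
    allow_out eth3 192.168.1.0/24                            # Intranet may reach the Internet
    allow_out eth1 10.0.1.0/24                               # DMZ hosts may fetch updates
    allow_out eth2 10.0.2.0/24
    allow_to eth3 192.168.1.0/24 eth1 10.0.1.10 tcp 22       # admin ssh from Intranet to domU1
    allow_to eth1 10.0.1.0/24 eth2 10.0.2.20 tcp 5432        # domU1 -> domU2 database only
    publish eth1 10.0.1.10 80                                # web server reachable from outside
    # No rule lets eth1/eth2 open connections towards eth3, so the DMZ cannot reach the Intranet.
}

apply_all
```

Because the policy is default-deny, a domU that needs a new flow gets one more allow_to or allow_out line rather than a broader rule; the ESTABLISHED,RELATED match carries the replies.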