WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] How to setup Xen for 3 bridges environment?

To: "Hong @ gmail" <whtsang22@xxxxxxxxx>, Xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] How to setup Xen for 3 bridges environment?
From: Fernando Maior <fernando.souto.maior@xxxxxxxxx>
Date: Fri, 27 Jan 2006 09:28:08 -0200
Delivery-date: Fri, 27 Jan 2006 11:37:28 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bfOSyg0s7UUtQrOoIGRq8TTpfvRmQjOTMp08dQ/AELNeIZnbSTNRKqOF4GNwgT2UlO67MdaEXx9WOFmE3ouge58wYI6sXfVIwlXlyb9KVPKoAlzmIdZFfR311eZUGSMWTGkpVafCJYfWeWw6d0MH+KnybQAScYh1G8XD2xOrD+A=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <000601c62295$89b21a20$470ba8c0@ws02>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <000601c62295$89b21a20$470ba8c0@ws02>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hong,

Did you have a look at Xen wiki documentation? You may
compare http://wiki.xensource.com/xenwiki/XenNetworkingSuse
to your experience and try something like that.

On 1/26/06, Hong @ gmail <whtsang22@xxxxxxxxx> wrote:
>
> Hello,
>
> I am new to Xen and is trying a confugration that simulates a firewall
> environment.
> My target environment is to setup three bridges: one for Wan (xen-br0), one
> for DMZ (xbrdmz) and one for Lan (xbrlan)
> The three subnet are as follows:
> Wan: 192.168.21.0/24
> Dmz: 192.168.22.0/24
> Lan:   192.168.23.0/24
>
> I use xen3.0 and FC4 for both dom0 and domU.
> My machine currently has one Nic, eth0, and I ensalve it into the Wan bridge
> xen-br0.
>
> Dom0 has the IP address 192.168.21.11. I have two domU in DMZ with IP
> 192.168.22.15, 192.168.22.16).
> I use NAT 192.168.21.15 -> 192.168.22.15 and 192.168.21.16 -> 192.168.22.16
> so that the PC from Wan can access the PC.
> Most of the things work fine. I can ping dom0 and the two domU and vice
> versa. I can ssh from dom0 and domU and vice versa and I can ssh from PC on
> Wan to dom0.
> The only problem is that I cannot ssh from PC on Wan to domU.
>
> I have tried another setup. If I don't use the Wan bridge ( xen-br0 ) and
> just use the eth0 and the Dmz bridge (xbrdmz), everything works perfectly.
> (I can ssh from PC on Wan to domU also).
>
> However, I still want to have the Wan bridge cause I can add some domU in
> Wan subnet (so that I can say, add some IDS domU to Wan bridge).
> I have searched the mailing list and find a similar case is:
> http://lists.xensource.com/archives/html/xen-users/2005-06/msg00669.html
>
> I have tried the NOTRACK option but still can help in my case.
>
> Just wonder anyone has setup similar environment?
> Thanks alot.
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>


--
Bye,
Fernando Maior
LPIC/1(31908)
LinuxCounter(391325)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users