WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

[Xen-users] Questions about bridges, and firewalls: Mandriva and Red Hat

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Questions about bridges, and firewalls: Mandriva and Red Hat-like systems
From: "Alan Murrell" <lists@xxxxxxxxxx>
Date: Wed, 19 Jul 2006 20:43:25 -0700 (PDT)

Hello,

There is currently a lot of info on setting up bridges, networks and
firewall DomU's on Debian-based host systems (Debian, Ubuntu, etc.)  I
would like to do a similar setup on a Mandriva host system (which should,
by extension, be similar for Red Hat, Fedora, and similar systems), as
Mandriva is the distro I use the most (almost exclusively).

I am currently running xen-2.0.7 on a Debian host.  One of my DomU's acts
as a firewall with one of the physical NICs assigned to it (the one for
the Internet connection).

The other two physical NICs in the server are "assigned" to Dom0 and are
attached to bridges for my LAN and DMZ.  The firewall Dom0 is then
attached to the LAN and DMZ bridges so it can route traffic on those
interfaces.

(I have both physical machines and VMs on my LAN segment, hence the bridges
for the LAN and DMZ.)

Now, I am in the process of building up a server using Xen 3.0.2.  The
host OS is Mandriva, which is the distro I use the most.

On my current Debian host, my "/etc/network/interfaces" file looks like this:

--- CUT HERE ---
auto br-adm0
iface br-adm0 inet static
        address 10.253.3.2
        netmask 255.255.255.0
        gateway 10.253.3.1
        bridge_ports dummy0

auto br-dmz0 br-lan0
iface br-lan0 inet manual
        bridge_ports eth0

iface br-dmz0 inet manual
        bridge_ports eth1
--- CUT HERE ---

So I have three "untethered" bridges with a network interface assigned to
each one:

  br-lan0 -> eth0 (for the LAN)
  br-dmz0 -> eth1 (for the DMZ host)
  br-adm0 -> dummy0 (so I can SSH into the host server from the firewall
DomU for administration of the box, creation/management of VMs, etc.)

Each bridge is assigned a static IP address.

On the new host, I have created the following script in "/etc/xen/scripts"
called "my-network-script", and modified the necessary files to allow it
to run (from the example provided at
<http://wiki.xensource.com/xenwiki/XenNetworking>):

--- CUT HERE ---
#!/bin/sh
dir=$(dirname "$0")

"$dir/network-bridge" "$@" netdev=eth0 vifnum=0 bridge=br-lan0
"$dir/network-bridge" "$@" netdev=eth1 vifnum=1 bridge=br-dmz0
"$dir/network-bridge" "$@" netdev=dummy0 vifnum=2 bridge=br-adm0
--- CUT HERE ---

I have also created the appropriate
"/etc/sysconfig/network-scripts/ifcfg-xxx" scripts.

When the system boots, all the proper interfaces, bridges, and vif's get
created.  I am not sure, however, how to get the IP addresses assigned to
the bridges themselves.  For example, if I edit the ifcfg-eth0 script to
assign a static IP address of '10.253.1.2', and reboot the server, the IP
shows up as actually being assigned to "eth0" instead of "br-lan0" (on my
current Debian host, the IP shows up on the "br-lan0" interface).  Is this
correct behaviour in Xen 3.0.2?

If anyone has any other ideas on how to accomplish this (preferably using
the Xen scripts, though modification of them is OK), such advice would be
appreciated.

Thanks, in advance!

-Alan



