WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Virengeprüft] Re: Re: Re: [Xen-users]How setup shorewall with xen-3.3

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Virengeprüft] Re: Re: Re: [Xen-users]How setup shorewall with xen-3.3 ?
From: "Mr. WebLover" <mrweblover@xxxxxxxxx>
Date: Tue, 02 Sep 2008 01:34:29 +0200
Delivery-date: Mon, 01 Sep 2008 16:36:01 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <48BC7114.8080901@xxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <48BB4050.2020206@xxxxxxxxx> <1e16a9ed0809010913p72895356j436b1ee4ab98b650@xxxxxxxxxxxxxx> <48BC7114.8080901@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.16 (Windows/20080708)
OK, I have tested a little bit ....
and read the new documentation from shorewall.net about bridging (with shorewall-perl)

But I always have the problem that, for shorewall, the bridge name 'eth0' is not a bridge :-(

Here now my new zones file:
fw              firewall
net             ipv4            # Internet Connection (peth0)
dom0:net        bport4          # (eth0 and eth0:gw)
loc:net         bport4          # the vethX devices from the domU's

and interfaces file:
dom0    eth0            -               bridge
net     eth0:peth0      -
loc     eth0:vif+       -               routeback

shorewall check gives me this output:
Checking...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
   ERROR: Zones of type 'bport' may only be associated with bridge ports : /etc/shorewall/interfaces (line 11)

And line 11 is : dom0    eth0            -               bridge

What can I do so that shorewall sees my bridge eth0?

Does anybody here have a successful bridge setup with shorewall?

Thanks for any help/reply.

Best regards,
Torsten



Mr. WebLover wrote:
OK, thanks Todd for your help.

I have tested, but it doesn't run ...

Here is my local system/configuration:

kernel 2.6.26-16

BEFORE Xen started
eth0 -> real 1 Gbit ethernet device with a public IP address, for example 10.10.1.1
eth0:gw -> one more public address in another subnet ... for example 10.10.2.0 netmask 255.255.255.248
(the IP addresses are public ones, not private as here in my example ....)
lo -> normal loopback ....

With Xen I want a bridge setup.

AFTER Xen started I have:
bridge with name eth0
and the devices inside the bridge
peth0   (the real device)
veth1.0 (a domU)
With ifconfig I see the devices
eth0 and eth0:gw too


OK, after shorewall I want:
peth0 -> the real device as 'net'
eth0 -> the dom0 device as fw / loc
vethX -> the domU's as 'loc'


But I don't know how I need to set this up in shorewall.
I use shorewall 4.0.13

I read that I now need to give shorewall the info
in the zones file about which zone is a bridge -> 'bport'.
OK, so in my case I set the zones file:
fw      firewall
net     ipv4            # Internet Connection (peth0)
dom0    bport           # (eth0 and eth0:gw)
loc     bport           # the vethX devices from the domU's

In my interfaces file I have the following:
dom0    eth0            -
net     eth0:peth0      -
loc     eth0:vif+       -               routeback

When I now run a shorewall check I see these error(s):
Checking...
Checking /etc/shorewall/zones...
   WARNING: Bridge Port zones should have a parent zone : /etc/shorewall/zones (line 14)
   WARNING: Bridge Port zones should have a parent zone : /etc/shorewall/zones (line 15)
Checking /etc/shorewall/interfaces...
   ERROR: Zones of type 'bport' may only be associated with bridge ports : /etc/shorewall/interfaces (line 11)


here is line 14 : dom0    bport
and line 15     : dom0    bport

and that line 11 of the interfaces file:
dom0    eth0            -


Hm, I don't know what I need to do.
I tried to set up shorewall the way I have been doing it for a long time,
but I get an error that bridge=yes is not in the kernel anymore :-(

I hope you can give me a tip.

Best regards
Torsten



Todd Deshane wrote:


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
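
Added example, not part of the original thread and not Shorewall's own code: a simplified Python re-implementation of the two checks quoted in the "shorewall check" output, run over both posted configurations and a constructed third one. The zone name "world" and the third layout are assumptions; passing these two checks alone does not mean Shorewall accepts the files.

```python
BPORT_TYPES = {"bport", "bport4"}

def parse(text):
    """Yield (line_no, columns) for each non-blank, non-comment line."""
    for no, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield no, cols

def lint(zones, interfaces):
    """Return (warnings, errors), each a list of (line_no, zone, message)."""
    warnings, errors, ztype = [], [], {}
    for no, cols in parse(zones):
        # A nested zone is written child:parent in the first column.
        name, _, parent = cols[0].partition(":")
        ztype[name] = cols[1] if len(cols) > 1 else "ipv4"
        if ztype[name] in BPORT_TYPES and not parent:
            warnings.append((no, name, "Bridge Port zones should have a parent zone"))
    for no, cols in parse(interfaces):
        if len(cols) < 2:
            continue
        zone, iface = cols[0], cols[1]
        # A bridge port is written bridge:port; a bare name is the bridge itself.
        if ztype.get(zone) in BPORT_TYPES and ":" not in iface:
            errors.append((no, zone, "Zones of type 'bport' may only be "
                           "associated with bridge ports"))
    return warnings, errors

# The two configurations from the post, without the files' header comments,
# so line numbers here start at 1 instead of 11/14/15.
OLD_ZONES = "fw firewall\nnet ipv4\ndom0 bport\nloc bport\n"
OLD_IFACES = "dom0 eth0 -\nnet eth0:peth0 -\nloc eth0:vif+ - routeback\n"
NEW_ZONES = "fw firewall\nnet ipv4\ndom0:net bport4\nloc:net bport4\n"
NEW_IFACES = "dom0 eth0 - bridge\nnet eth0:peth0 -\nloc eth0:vif+ - routeback\n"
# Constructed variant (assumption): the bridge itself sits in an ipv4 zone
# named "world" (hypothetical) and only the ports are in nested bport zones.
ALT_ZONES = "fw firewall\nworld ipv4\nnet:world bport4\nloc:world bport4\n"
ALT_IFACES = "world eth0 - bridge\nnet eth0:peth0 -\nloc eth0:vif+ - routeback\n"

if __name__ == "__main__":
    for label, z, i in (("older post", OLD_ZONES, OLD_IFACES),
                        ("newer post", NEW_ZONES, NEW_IFACES),
                        ("constructed", ALT_ZONES, ALT_IFACES)):
        w, e = lint(z, i)
        print(f"{label}: {len(w)} warning(s), {len(e)} error(s)")
        for no, zone, msg in w + e:
            print(f"   line {no} ({zone}): {msg}")
```

In both posted files the error comes from the same line: dom0 is a bport zone, but eth0 is the bridge itself rather than a bridge:port entry.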