WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] LAN configuration?

Hi Alan,

Alan Murrell wrote:
> 
> Not sure if this is what you mean, but my Xensource server will have at
> least one machine in a DMZ (external web and email), and a couple of
> servers that will be sitting on the LAN (a file/print server, mythtv
> backend, maybe a couple others).
> 
> Since the physical LAN interface being assigned to the firewall (also on
> the Xensource server) will plug into a physical switch, I still want the
> domU LAN servers to appear as though they are on the LAN (and act as
> such)
> 
> I hope that's a bit clearer?  Basically, the LAN will have a couple
> physical machines (laptops, one workstation) and virtual servers.
> 

OK, the design and technique I explained last time should do this.
You could just use the firewall to DNAT the domains, and/or forward the
necessary ports.

e.g. I have a mail server, web server, freenx server, etc. all running as
domains, with the firewall (currently) running shorewall.

Mail Server: DNAT for the LAN (Green Zone),
DNAT       Zone GreenZone                   Host 192.168.254.51 in zone br5   TCP   Any   143
DNAT       Zone GreenZone                   Host 192.168.254.51 in zone br5   UDP   Any   143
AllowPOP3  Host 192.168.254.51 in zone br5  Zone RedZone                      Any
AllowSMTP  Zone GreenZone                   Zone RedZone                      Any

Web Server: DNAT for the Internet (Red Zone)
DNAT       Zone RedZone   Host 192.168.254.50 in zone br5   UDP   Any   443
DNAT       Zone RedZone   Host 192.168.254.50 in zone br5   TCP   Any   443
DNAT       Zone RedZone   Host 192.168.254.50 in zone br5   TCP   Any   80

Freenx Server: DNAT for everywhere
DNAT       Any            Host 192.168.254.5:22 in zone br0   TCP   Any   XXXXX
DNAT       Any            Host 192.168.254.5:22 in zone br0   UDP   Any   XXXXX
(where XXXXX is a high port)

I've probably missed a fair bit of detail, but I hope that
gives you an idea.

Marcus

PS. for the domains to actually be 'IN' the LAN, i.e. in the same subnet,
then the domains need to be on the same bridge as the LAN NIC (short story).
But then a routing firewall (iptables) would be pretty useless?
If the DNAT technique above doesn't suit, you might want to check out ebtables
and make a Brouter ... ???

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
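The DNAT entries in Marcus's post are shorewall rules, and shorewall ultimately turns them into iptables commands on the firewall domain. The script below, an added example that is not code from the thread or from shorewall, transcribes those entries into a declarative list, renders each as the PREROUTING DNAT plus the FORWARD accept it needs, and summarises what the set exposes to the internet zone. The zone-to-interface mapping (ZONE_IFACE) and the freenx port number (the post only says "a high port") are assumptions; the AllowPOP3/AllowSMTP lines are plain filter rules rather than forwards and are left out.

```python
"""Render shorewall-style DNAT / port-forward entries as iptables commands and
summarise the exposure they create.  Added example, not code from the thread."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Assumed: which dom0 interface fronts each zone named in the post (not stated there).
ZONE_IFACE = {"RedZone": "eth0", "GreenZone": "br0", "br5": "br5", "br0": "br0"}
INTERNET_ZONE = "RedZone"
# Well-known TCP-only services; a UDP forward to one of these never matches traffic.
TCP_ONLY_PORTS = {22, 80, 143, 443}


@dataclass(frozen=True)
class Forward:
    source_zone: str               # zone the traffic arrives from; "Any" = every zone
    host: str                      # domU that receives the forwarded traffic
    proto: str                     # "tcp" or "udp"
    dport: int                     # port clients connect to on the firewall
    to_port: Optional[int] = None  # port on the domU when it differs from dport

    @property
    def target_port(self) -> int:
        return self.to_port if self.to_port is not None else self.dport


def to_iptables(rule: Forward) -> List[str]:
    """One PREROUTING DNAT rule plus the FORWARD accept that lets the
    redirected connection through.  "Any" drops the -i clause so the
    rule matches on every interface."""
    in_iface = "" if rule.source_zone == "Any" else f"-i {ZONE_IFACE[rule.source_zone]} "
    nat = (f"iptables -t nat -A PREROUTING {in_iface}-p {rule.proto} "
           f"--dport {rule.dport} -j DNAT --to-destination {rule.host}:{rule.target_port}")
    fwd = (f"iptables -A FORWARD {in_iface}-d {rule.host} -p {rule.proto} "
           f"--dport {rule.target_port} -m conntrack --ctstate NEW -j ACCEPT")
    return [nat, fwd]


def internet_exposed(rules) -> Set[Tuple[str, str, int]]:
    """(host, proto, port) triples reachable from the internet zone:
    everything sourced from RedZone or from Any."""
    return {(r.host, r.proto, r.target_port) for r in rules
            if r.source_zone in ("Any", INTERNET_ZONE)}


def dead_udp_forwards(rules) -> List[Forward]:
    """UDP forwards aimed at TCP-only services: harmless, but they never
    match anything and only add noise to the rule set."""
    return [r for r in rules if r.proto == "udp" and r.target_port in TCP_ONLY_PORTS]


FREENX_PORT = 40022  # constructed stand-in for the post's "XXXXX" high port

# The DNAT entries from the post, transcribed.
POSTED_RULES = [
    Forward("GreenZone", "192.168.254.51", "tcp", 143),  # mail, LAN only
    Forward("GreenZone", "192.168.254.51", "udp", 143),
    Forward("RedZone", "192.168.254.50", "udp", 443),    # web, from the internet
    Forward("RedZone", "192.168.254.50", "tcp", 443),
    Forward("RedZone", "192.168.254.50", "tcp", 80),
    Forward("Any", "192.168.254.5", "tcp", FREENX_PORT, to_port=22),  # freenx over ssh
    Forward("Any", "192.168.254.5", "udp", FREENX_PORT, to_port=22),
]

if __name__ == "__main__":
    for r in POSTED_RULES:
        print("\n".join(to_iptables(r)))
    print("exposed to the internet:", sorted(internet_exposed(POSTED_RULES)))
    print("udp forwards that never match:", len(dead_udp_forwards(POSTED_RULES)))
```

Running it prints the iptables equivalent of each entry, then the exposure summary: the mail server's 143 is reachable only from GreenZone, while the web server and the freenx host's ssh port are reachable from the internet zone. The FORWARD rule is needed because DNAT only rewrites the destination; without an accept in the filter table the redirected packet is still dropped by a default-deny forward chain.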
