This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Fwd: [Xen-users] firewall domU

To: "XEN Mailing List" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Fwd: [Xen-users] firewall domU
From: "Thiago Camargo Martins Cordeiro" <thiagocmartinsc@xxxxxxxxx>
Date: Thu, 18 Dec 2008 15:56:41 -0200
Forwarding to the list again:

---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>


 I forgot to say that in your www and mail domUs, their eth0 will be connected to "bridge=eth1"!

 Like this:
grep vif /etc/xen/mail01.cfg
vif         = [ 'mac=00:01:64:WW:YY:XX, bridge=eth1' ]


2008/12/18 Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>


 I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.

 In dom0, my public eth0 IP is, is the gateway of public network. My private eth1 IP is

 Create the file /etc/xen/scripts/network-bridge-wrapper with:

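#!/bin/sh
# Run the stock network-bridge script once per physical NIC; xend passes the action (e.g. start/stop) as $1.
/etc/xen/scripts/network-bridge "$1" netdev=eth0
/etc/xen/scripts/network-bridge "$1" netdev=eth1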

 In /etc/xen/xend-config.sxp change the line:
(network-script network-bridge)
 to:
(network-script network-bridge-wrapper)  # ...and restart xendomains / xend.

 In your domU firewall configuration file, "vif" must be like this:

grep vif /etc/xen/firewall01.cfg
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]

 So you will have two ethernets in your domU firewall, each of them connected to its respective public/private bridge.

 In your domU eth0, configure the public IP with gateway (the same gateway of dom0) and in your domU eth1, configure the IP; this will be the gateway for all your domUs, living on the same hypervisor or not (it's a bridge, remember). Ah! You do not need an interface for each domU...

  I hope this helps you in your scenario.


2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement the following scenario... please look at the png attachment

Main Question:
How do I set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? Do we even need an interface for each connected domU?

thanks in advance
merry xmas
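
Added example (not part of the original thread and not Xen's own tooling): a small audit of the domU "vif" lines for the layout described above, flagging any guest other than the firewall that is attached to the public bridge and checking that the firewall spans both bridges. The bridge names and the firewall01/mail01 names come from the thread; www01, the 00:16:3e MACs and the FIREWALL_DOMUS policy are assumptions made for the illustration.

```python
import re

PUBLIC_BRIDGE = "eth0"            # bridge on the public NIC, as in the thread
PRIVATE_BRIDGE = "eth1"           # bridge the protected domUs share
FIREWALL_DOMUS = {"firewall01"}   # assumption: only these may touch the public bridge

VIF_LIST = re.compile(r"^\s*vif\s*=\s*\[(.*?)\]", re.M | re.S)
VIF_ITEM = re.compile(r"""(['"])(.*?)\1""", re.S)

# Constructed sample configs (www01 is deliberately misconfigured).
SAMPLE = {
    "firewall01": "vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]\n",
    "mail01": "vif = [ 'mac=00:16:3e:00:00:01, bridge=eth1' ]\n",
    "www01": "# vif = [ 'bridge=eth1' ]\nvif = [ 'mac=00:16:3e:00:00:02, bridge=eth0' ]\n",
}


def parse_vifs(cfg_text):
    """Return one dict per vif entry, e.g. {'mac': '...', 'bridge': 'eth1'}."""
    text = re.sub(r"#.*", "", cfg_text)  # ignore commented-out vif lines
    m = VIF_LIST.search(text)
    if not m:
        return []
    vifs = []
    for _, item in VIF_ITEM.findall(m.group(1)):
        pairs = (kv.split("=", 1) for kv in item.split(",") if "=" in kv)
        vifs.append({k.strip(): v.strip() for k, v in pairs})
    return vifs


def audit(configs):
    """configs maps domU name -> cfg text; returns (name, finding) tuples."""
    findings = []
    for name, text in sorted(configs.items()):
        bridges = [v.get("bridge") for v in parse_vifs(text)]
        for i, b in enumerate(bridges):
            if b is None:
                findings.append((name, f"vif{i}: no bridge= given, attachment is left to the default"))
            elif b == PUBLIC_BRIDGE and name not in FIREWALL_DOMUS:
                findings.append((name, f"vif{i}: on public bridge {b}, bypassing the firewall domU"))
        if name in FIREWALL_DOMUS and not {PUBLIC_BRIDGE, PRIVATE_BRIDGE} <= set(bridges):
            findings.append((name, "firewall domU is not attached to both bridges"))
    return findings


if __name__ == "__main__":
    for name, msg in audit(SAMPLE):
        print(f"{name}: {msg}")
```

To run it against a real host, build the mapping from the files under /etc/xen/ instead of SAMPLE.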

