WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
xen-devel

[Xen-devel] Fwd: [Xen-users] firewall domU

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Fwd: [Xen-users] firewall domU
From: "Thiago Camargo Martins Cordeiro" <thiagocmartinsc@xxxxxxxxx>
Date: Thu, 18 Dec 2008 15:56:21 -0200
Delivery-date: Thu, 18 Dec 2008 09:57:59 -0800

Forwarding to the list:

---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>


Zeller,

 I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.

 In dom0, my public eth0 IP is 200.1.2.2/28; 200.1.2.1 is the gateway of the public network. My private eth1 IP is 192.168.1.1/24.

 Create the file /etc/xen/scripts/network-bridge-wrapper with:

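#!/bin/sh
# Run the stock network-bridge script once per physical NIC,
# passing through the action (start/stop) that xend supplies in $1.
/etc/xen/scripts/network-bridge "$1" netdev=eth0
/etc/xen/scripts/network-bridge "$1" netdev=eth1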

 In /etc/xen/xend-config.sxp change the line:
(network-script network-bridge)

 to:
(network-script network-bridge-wrapper)  # ...and restart xendomains / xend.

 In your domU firewall configuration file, "vif" must be like this:

grep vif /etc/xen/firewall01.cfg:
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]

 So you will have two ethernets in your domU firewall, each of them connected to its respective public/private bridge.

 In your domU eth0, configure the public IP 200.1.2.3/28 with gateway 200.1.2.1 (the same gateway as dom0), and in your domU eth1, configure the IP 192.168.1.254/25; this will be the gateway for all your domUs, living on the same hypervisor or not (it's a bridge, remember). Ah! You do not need an interface for each domU...

  I hope this helps you in your scenario.

Regards,
Thiago

2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement the following scenario; please look at the PNG attachment.

Main Question:
How do I set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? Do we even need an interface for each connected domU?

thanks in advance
merry xmas

Max


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
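
An added example, not part of the original message: a shell check that audits domU config files against the two-bridge layout described above, so a guest attached directly to the public bridge (and therefore not behind the firewall domU) is flagged. It assumes each `vif` list sits on one line as in the message, and that ordinary guests should attach only to the private bridge; `web01.cfg`, `bad01.cfg` and the function names are hypothetical.

```shell
#!/bin/sh
# Audit Xen domU "vif" lines against the layout from the message:
# public bridge eth0, private bridge eth1 (assumed names, as in the thread).
PUBLIC_BRIDGE=eth0
PRIVATE_BRIDGE=eth1

# Print the bridge of every vif in a domU config file, one per line.
vif_bridges() {
    grep -E '^[[:space:]]*vif[[:space:]]*=' "$1" |
        grep -oE 'bridge=[^,'"'"' ]+' | cut -d= -f2
}

# check_domu FILE ROLE -> 0 if the vif list fits the role, non-zero otherwise.
#   firewall: must be attached to both bridges
#   guest:    must be attached to the private bridge only
check_domu() {
    bridges=$(vif_bridges "$1")
    case "$2" in
        firewall)
            echo "$bridges" | grep -qxF "$PUBLIC_BRIDGE" &&
            echo "$bridges" | grep -qxF "$PRIVATE_BRIDGE" ;;
        guest)
            [ -n "$bridges" ] &&
            ! echo "$bridges" | grep -qvxF "$PRIVATE_BRIDGE" ;;
        *) return 2 ;;
    esac
}

# Constructed sample configs: the firewall vif line is the one from the
# message; web01 and bad01 are hypothetical guests with made-up MACs.
demo=$(mktemp -d)
cat > "$demo/firewall01.cfg" <<'EOF'
vif         = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]
EOF
cat > "$demo/web01.cfg" <<'EOF'
vif = [ 'mac=00:16:3e:00:00:01, bridge=eth1' ]
EOF
cat > "$demo/bad01.cfg" <<'EOF'
vif = [ 'mac=00:16:3e:00:00:02, bridge=eth0' ]
EOF
for f in firewall01:firewall web01:guest bad01:guest; do
    if check_domu "$demo/${f%%:*}.cfg" "${f##*:}"; then r=ok; else r=VIOLATION; fi
    echo "${f%%:*} (${f##*:}): $r"
done
```

On a real host the same functions can be pointed at the files under /etc/xen instead of the constructed samples.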