|
|
|
|
|
|
|
|
|
|
xen-users
[Xen-users] firewall xenU woes (help would be appreciated)
Hi,
Could someone please help me out with networking my firewall on xenU
configuration. I have combed the list archives for posts on similar
configurations and getting bridging working properly but I am stuck and
generally confused. I am trying to achieve the scenario below (ascii
borrowed from previous thread).
+------------------------+
| physical machine, dom0 |
| +---------------+ |
-- Internet -------+ Firewall domU +--------- Intranet
| +------+--------+ |
| | |
| | DMZ |
| +-----+------+ |
| | | |
| +--+--+ +--+--+ |
| |domU1| |domU2| |
| +-----+ +-----+ |
+------------------------+
So far:
- physical ethernet device (will be two later) hidden from dom0 (no issue)
- domU (fw) using ethernet device -- has access to internet on eth0 (no issue)
- domU1 and domU2 can only see domU when using bridge=xen-br0 although it
appears that only on of the two can be active as if both are pinging domU there
is much
packet. Using vif = ['mac=xx.xx..., bridge=xen-br0'"].
Should domU1 and domU2 should be using xen-br0 at all or should this only be
for domU and the former be using xen-br1 and xen-br2 respectively.
- I have attempted to have domU1 use vif = ['backend=fw'] without success
- I have also attempted to created xen-br1,xen-br2 and have the non-fw domUs
use these: vif = ['bridge=xen-br1']
- Having searched the list, I have attempted to create dummy0, dummy1,etc. on
the domU as suggested.
I am hoping that someone can lay out what they have done to get this working.
My suspicion is that my bridging is not working correctly on dom0.
Question: what devices should be showing from 'ifconfig' on respective nodes
(dom0, domU, domU1...)?
xen0 shows multiple vifs, xen-br0-4.
xenU shows eth0 - should it show vifs?
xenU1,2 shows eth0. Should it show more? vifs?
Maybe someone can share the output of their ifconfigs to compare.
All my instance are running on Debian Sarge.
Thanks in advance!
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|