[Xen-users] Building a DMZ.
Greetings,
How does one build a DMZ?
I am trying to do the following:-
          { INTERNET }
                |
+-------------eth2--------------+
|               |               |
|         [ extbridge ]         |
|               |               |
|       +-----vif2.1-----+      |
|       |               |       |
|       | Ext. Firewall |       |
|       |   ( dom u2 )  |       |
|       |               |       |
|       +-----vif2.0-----+      |
|               |               |
|               |               |
|            [ DMZ ]-----------eth1
|               |               |
|               |               |
|       +-----vif1.1-----+      |
|       |               |       |
|       | Int. Firewall |       |
|       |   ( dom u1 )  |       |
|       |               |       |
|       +-----vif1.0-----+      |
|               |               |
|         [ intbridge ]         |
|               |               |
+-------------eth1--------------+
                |
          { LOCALNET }
I have a start script (eventually to go in /etc/init.d):-
#!/bin/bash
# One bridge per segment: internal, external and DMZ
/etc/xen/scripts/network-bridge start bridge=intbr netdev=eth0 vifnum=0
/etc/xen/scripts/network-bridge start bridge=extbr netdev=eth1 vifnum=1
/etc/xen/scripts/network-bridge start bridge=dmz netdev=eth2 vifnum=2
# Give dom0 an address on the DMZ bridge
/sbin/ifconfig dmz 10.0.0.10 netmask 255.255.255.0 up
# Pass bridged frames through dom0's arptables/iptables/ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-arptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
# Start the two firewall domains (xm looks for the configs under /etc/xen)
xm create intfw
xm create extfw
And in my xmconfigs for intfw and extfw I have:
intfw:
vif = [ 'type=ioemu,mac=00:16:3e:0a:01:10,bridge=intbr',
        'type=ioemu,mac=00:16:3e:0a:01:11,bridge=dmz' ]
extfw:
vif = [ 'type=ioemu,mac=00:16:3e:0a:02:20,bridge=dmz',
        'type=ioemu,mac=00:16:3e:0a:02:21,bridge=extbr' ]
Run the start script and all comes up.
However I cannot ping from intfw to extfw.
"brctl showmacs intbr" shows both mac addresses
for the internal firewall on the internal bridge.
4 00:16:3e:0a:01:10 no 43.98
5 00:16:3e:0a:01:11 no 87.64
The same happens with the external firewall: both its
MACs appear on the DMZ if I ping an external address.
I expected the DMZ to have the outbound mac address of the
internal firewall plus the inbound mac address of the external
firewall. Is brctl the wrong tool here?
If anybody has any advice, I would be keen to hear.
kind regards
S.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
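The symptom in the post (a domU's MACs being learned on a bridge they should not be on) is exactly what breaks a two-firewall DMZ: if frames from the internal segment reach the DMZ bridge, the segments are no longer isolated. The following is an added example, not code from the post or from the Xen project, for checking that each learned MAC stays on exactly one bridge. It parses the output format of "brctl showmacs" that the post quotes (port no, mac addr, is local?, ageing timer); the bridge names intbr/dmz/extbr and the two captures are constructed, modelled on the post, and the live_showmacs helper assumes brctl is installed in dom0.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that a bridged
# two-firewall DMZ really keeps its segments apart. Input is "brctl showmacs"
# output for each bridge, each block prefixed with a "bridge NAME" line.
# A non-local MAC learned on more than one bridge means frames from one
# segment are reaching another.

# Constructed capture mirroring the post's symptom: the internal firewall's
# DMZ-side MAC (00:16:3e:0a:01:11) is learned on intbr as well as on dmz.
# fe:ff:ff:ff:ff:ff is the address dom0's vif backends carry; it is local to
# each bridge and is ignored by the check.
LEAKING_SHOWMACS='bridge intbr
port no   mac addr            is local?   ageing timer
  4       00:16:3e:0a:01:10   no            43.98
  5       00:16:3e:0a:01:11   no            87.64
  1       fe:ff:ff:ff:ff:ff   yes            0.00
bridge dmz
port no   mac addr            is local?   ageing timer
  2       00:16:3e:0a:01:11   no            12.01
  3       00:16:3e:0a:02:20   no             3.55
  1       fe:ff:ff:ff:ff:ff   yes            0.00
bridge extbr
port no   mac addr            is local?   ageing timer
  2       00:16:3e:0a:02:21   no             9.12
  1       fe:ff:ff:ff:ff:ff   yes            0.00
'

# Constructed capture of the intended topology: each firewall interface is
# seen on its own bridge only.
EXPECTED_SHOWMACS='bridge intbr
port no   mac addr            is local?   ageing timer
  4       00:16:3e:0a:01:10   no            43.98
  1       fe:ff:ff:ff:ff:ff   yes            0.00
bridge dmz
port no   mac addr            is local?   ageing timer
  2       00:16:3e:0a:01:11   no            12.01
  3       00:16:3e:0a:02:20   no             3.55
  1       fe:ff:ff:ff:ff:ff   yes            0.00
bridge extbr
port no   mac addr            is local?   ageing timer
  2       00:16:3e:0a:02:21   no             9.12
  1       fe:ff:ff:ff:ff:ff   yes            0.00
'

# Print "MAC: br1 br2 ..." for every learned (is local? = no) MAC that shows
# up on more than one bridge. Reads the concatenated capture on stdin.
cross_bridge_macs() {
    awk '
        $1 == "bridge" { br = $2; next }        # our per-bridge header line
        $1 == "port"   { next }                 # brctl column header line
        NF >= 3 && $3 == "no" {                 # learned, non-local entry
            mac = $2
            if (!((br SUBSEP mac) in seen)) {   # count each bridge once per MAC
                seen[br SUBSEP mac] = 1
                bridges[mac] = bridges[mac] " " br
                count[mac]++
            }
        }
        END {
            for (mac in count)
                if (count[mac] > 1) print mac ":" bridges[mac]
        }
    ' | sort
}

# Return 0 when every learned MAC is confined to one bridge, 1 otherwise.
check_isolation() {
    leaks=$(cross_bridge_macs)
    if [ -n "$leaks" ]; then
        printf 'ISOLATION BROKEN: MAC learned on more than one bridge\n%s\n' "$leaks"
        return 1
    fi
    printf 'ok: every learned MAC is confined to a single bridge\n'
}

# Gather the same capture from a live dom0 (assumes brctl is installed):
#   live_showmacs intbr dmz extbr | check_isolation
live_showmacs() {
    for br in "$@"; do
        printf 'bridge %s\n' "$br"
        brctl showmacs "$br"
    done
}

# Stand-alone demo on the two constructed captures.
printf '%s' "$EXPECTED_SHOWMACS" | check_isolation
printf '%s' "$LEAKING_SHOWMACS" | check_isolation || true
```

Running it against the leaking capture reports 00:16:3e:0a:01:11 on both intbr and dmz, which is the condition to chase before trusting the DMZ; a clean run is the state the post describes as expected (each firewall's MAC on only the bridge its vif is plugged into). Because bridge forwarding tables age out, the check is only meaningful right after traffic has crossed each segment, for example during the ping test in the post.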