WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Gateway/firewall with Xen

To: Xen-Users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] Gateway/firewall with Xen
From: Daniel Bareiro <daniel-listas@xxxxxxx>
Date: Sun, 22 Jul 2007 18:37:06 -0300
Delivery-date: Sun, 22 Jul 2007 15:13:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Reply-to: dbareiro@xxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.16 (2007-06-11)
Hi all!
I want to migrate my gateway/firewall to dom0 or domU. I tried the
following configuration to migrate my firewall/gateway to dom0:

--------------------------------------------------------------------------
cat /etc/network/interfaces
# The primary network interface
auto eth1
iface eth1 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255

# DSL interface
auto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
provider dsl-provider

auto eth2
iface eth2 inet manual
--------------------------------------------------------------------------

cat /etc/xen/xend-config.sxp |grep ^[^#]
(network-script 'network-bridge netdev=eth1')
(vif-script vif-bridge)
(dom0-min-mem 196)
(dom0-cpus 0)
--------------------------------------------------------------------------

But any domU I created get unreachable to the Internet or the others
PC's of the LAN, and dom0 can access to Internet y can't to reach to the
others PC's of the LAN. These are the domU's config files:

cat /etc/xen/domU.cfg |grep ^[^#]
kernel  = '/boot/vmlinuz-2.6.18-4-xen-686'
ramdisk = '/boot/initrd.img-2.6.18-4-xen-686'
memory  = '128'
root    = '/dev/sda1 ro'
disk    = [ 'phy:vm/firewall-disk,sda1,w', 'phy:vm/firewall-swap,sda2,w' ]
name    = 'domU'
vif     = [ 'mac=aa:cc:00:00:00:02, bridge=xenbr0' ]
on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

cat /etc/network/interfaces |grep ^[^#]
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
 address 192.168.1.10
 netmask 255.255.255.0
 network 192.168.1.0
 broadcast 192.168.1.255
 gateway 192.168.1.2


Another alternative is to migrate the firewall/gateway to domU, but I'm
not sure of the network configuration to use even.

I would appreciate anybody can help me with this issues.

Thanks in advance.

Regards,
Daniel
-- 
Daniel Bareiro - System Administrator
Fingerprint: BFB3 08D6 B4D1 31B2 72B9  29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Etch - Linux user #188.598

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>