xen-users
[Virus-checked] Re: Re: Re: [Xen-users] How setup shorewall with xen-3.3
OK, I have tested a little bit ...
and read the new documentation from shorewall.net about bridging (with
shorewall-perl).

But I always have the problem that, for shorewall, the bridge name 'eth0'
is not a bridge :-(

Here is my new zones file:

    fw firewall
    net ipv4 # Internet Connection (peth0)
    dom0:net bport4 # (eth0 and eth0:gw)
    loc:net bport4 # the vethX devices from the domU's

and the interfaces file:

    dom0 eth0 - bridge
    net eth0:peth0 -
    loc eth0:vif+ - routeback

shorewall check gives me this output:

    Checking...
    Checking /etc/shorewall/zones...
    Checking /etc/shorewall/interfaces...
    ERROR: Zones of type 'bport' may only be associated with bridge ports : /etc/shorewall/interfaces (line 11)

And line 11 is: dom0 eth0 - bridge

What can I do so that shorewall sees my bridge eth0?
Does anybody here have a successful bridge setup with shorewall?

Thanks for any help/reply.

Best regards,
Torsten

Mr. WebLover wrote:

OK, thanks Todd for your help.
I have tested it, but it doesn't run ...

Here is my local system/configuration:

kernel 2.6.26-16

BEFORE Xen started

    eth0 -> real 1gbit ethernet device with a public IP address, for example 10.10.1.1
    eth0:gw -> one more public address in another subnet ... for example 10.10.2.0 netmask 255.255.255.248
    (the IP addresses are public ones, not private as here in my example ....)
    lo -> normal loopback ....

With Xen I want a bridge setup.

AFTER Xen started I have:

    a bridge with the name eth0
    and the devices inside the bridge
    peth0 (the real device)
    veth1.0 (a domU)

With ifconfig I see the devices eth0 and eth0:gw too.

OK, after shorewall I want:

    peth0 -> the real device as 'net'
    eth0 -> the dom0 device as fw / loc
    vethX -> the domU's as 'loc'

But I don't know how I need to set this up in shorewall.
I use shorewall 4.0.13.
I read that I now need to give shorewall the info
in the zones file about which zone is a bridge -> 'bport'.

OK, so in my case I set the zones file:

    fw firewall
    net ipv4 # Internet Connection (peth0)
    dom0 bport # (eth0 and eth0:gw)
    loc bport # the vethX devices from the domU's

In my interfaces file I have the following:

    dom0 eth0 -
    net eth0:peth0 -
    loc eth0:vif+ - routeback

When I now run a shorewall check I see these error(s):

    Checking...
    Checking /etc/shorewall/zones...
    WARNING: Bridge Port zones should have a parent zone : /etc/shorewall/zones (line 14)
    WARNING: Bridge Port zones should have a parent zone : /etc/shorewall/zones (line 15)
    Checking /etc/shorewall/interfaces...
    ERROR: Zones of type 'bport' may only be associated with bridge ports : /etc/shorewall/interfaces (line 11)

here is line 14 : dom0 bport
and line 15 : dom0 bport
and this is line 11 of the interfaces file:
dom0 eth0 -

Hm, I don't know what I need to do.
I have tested setting up shorewall the way I did it for a long time,
but I get an error that bridge=yes is not in the kernel anymore :-(

I hope you can give me a tip.

Best regards
Torsten

Todd Deshane wrote:
____________________________________________________________________________
This e-mail was scanned for viruses and dangerous attachments by the
AttNet e-mail security system and is probably virus-free.
© 2007 Ingenieurbüro AttNet - Torsten Albrecht Dipl.-Ing. IT
Schillerstraße 5 - 67304 Kerzenheim - E-Mail: info@xxxxxxxxx
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
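
The two diagnostics quoted in the thread, modelled as an added example (this is not part of the posts and not Shorewall's own code): it runs over the zones and interfaces files exactly as posted and shows which rows trigger the parent-zone warning and the bridge-port error. The names `rows` and `lint` are hypothetical, and the check assumes only what the messages state: a `bport`/`bport4` zone should be declared as `zone:parent` and may only be attached to an interface written as `bridge:port`.

```python
# Added example: a simplified model of the two diagnostics quoted in the thread.
# Not Shorewall's code; only the zone and interface columns are interpreted.
BPORT_TYPES = {"bport", "bport4"}

# Files as posted in the thread (older attempt first, then the newer one).
OLD_ZONES = """\
fw firewall
net ipv4 # Internet Connection (peth0)
dom0 bport # (eth0 and eth0:gw)
loc bport # the vethX devices from the domU's
"""
OLD_INTERFACES = """\
dom0 eth0 -
net eth0:peth0 -
loc eth0:vif+ - routeback
"""
NEW_ZONES = """\
fw firewall
net ipv4 # Internet Connection (peth0)
dom0:net bport4 # (eth0 and eth0:gw)
loc:net bport4 # the vethX devices from the domU's
"""
NEW_INTERFACES = """\
dom0 eth0 - bridge
net eth0:peth0 -
loc eth0:vif+ - routeback
"""

def rows(text):
    """Split a file into column lists, dropping '#' comments and blank lines."""
    return [c for c in (ln.split("#", 1)[0].split() for ln in text.splitlines()) if c]

def lint(zones, interfaces):
    """Return (severity, zone, detail) findings for bport zones."""
    findings, ztype = [], {}
    for cols in rows(zones):
        name, _, parent = cols[0].partition(":")
        ztype[name] = cols[1] if len(cols) > 1 else "-"
        if ztype[name] in BPORT_TYPES and not parent:
            findings.append(("WARNING", name, "bport zone has no parent zone"))
    for cols in rows(interfaces):
        if len(cols) < 2:
            continue
        zone, (bridge, _, port) = cols[0], cols[1].partition(":")
        if ztype.get(zone) in BPORT_TYPES and not port:
            findings.append(("ERROR", zone, f"'{bridge}' is not a bridge port"))
    return findings

if __name__ == "__main__":
    for label, z, i in (("old", OLD_ZONES, OLD_INTERFACES), ("new", NEW_ZONES, NEW_INTERFACES)):
        for finding in lint(z, i):
            print(label, *finding)
```

In both attempts the error comes from the `dom0` row: `dom0` is a bport zone, but `eth0` is the bridge itself rather than a `bridge:port` entry.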