xen-users
Fwd: [Xen-users] firewall domU
Forwarding to the list again:
---------- Forwarded message ----------
From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Date: 2008/12/18
Subject: Re: [Xen-users] firewall domU
To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>
Zeller,
I forgot to say that in your www and mail domUs, its eth0 will be connected to "bridge=eth1"!
Like this:
grep vif /etc/xen/mail01.cfg
vif = [ 'mac=00:01:64:WW:YY:XX, bridge=eth1' ]
Thiago
2008/12/18 Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
Zeller,
I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets.
In dom0, my public eth0 IP is 200.1.2.2/28, 200.1.2.1 is the gateway of public network. My private eth1 IP is 192.168.1.1/24.
Create the file /etc/xen/scripts/network-bridge-wrapper with:
#!/bin/sh
/etc/xen/scripts/network-bridge $1 netdev=eth0
/etc/xen/scripts/network-bridge $1 netdev=eth1
In /etc/xen/xend-config.sxp change the line:
(network-script network-bridge)
to:
(network-script network-bridge-wrapper) # ...and restart xendomains / xend.
In your domU firewall configuration file, "vif" must be like this:
grep vif /etc/xen/firewall01.cfg:
vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]
So you will have two ethernets in your domU firewall, each of them connected to its relative public/private bridge.
In your domU eth0, configure the public IP 200.1.2.3/28 with gateway 200.1.2.1 (the same gateway as dom0) and in your domU eth1, configure the IP 192.168.1.254/25; this will be the gateway for all your domUs, living on the same hypervisor or not (it's a bridge, remember). Ah! You do not need an interface for each domU...
I hope this helps you in your scenario.
Regards, Thiago
2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
We would like to implement the following scenario... please look at the png attachment.
Main question: how do I set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? Do we even need an interface for each connected domU?
thanks in advance merry xmas
Max
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
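An added example, not part of the original thread: a small audit for the layout described above, checking that only the firewall domU has a vif on the public bridge and every other domU sits on the private bridge only. The sample configs, the file names www01.cfg and mail01.cfg contents, the two non-firewall MAC addresses, and the function names are constructed for illustration.

```python
import ast
import re

PUBLIC_BRIDGE = "eth0"   # bridge on the public NIC, as in the thread
PRIVATE_BRIDGE = "eth1"  # bridge on the private NIC, as in the thread

# Constructed sample configs modelled on the vif lines quoted in the thread.
# www01.cfg is a deliberate mistake: it is attached to the public bridge.
SAMPLE_CONFIGS = {
    "firewall01.cfg": "vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0',"
                      " 'mac=00:01:64:9b:b5:1b, bridge=eth1' ]\n",
    "mail01.cfg": "vif = [ 'mac=00:01:64:00:00:01, bridge=eth1' ]\n",
    "www01.cfg": "vif = [ 'mac=00:01:64:00:00:02, bridge=eth0' ]\n",
}

def vif_bridges(cfg_text):
    """Return the bridge named by each vif entry of a Xen domU config."""
    m = re.search(r"^\s*vif\s*=\s*(\[.*?\])", cfg_text, re.M | re.S)
    if not m:
        return []
    bridges = []
    for entry in ast.literal_eval(m.group(1)):  # the vif value is a Python list
        opts = dict(kv.strip().split("=", 1)
                    for kv in entry.split(",") if "=" in kv)
        bridges.append(opts.get("bridge"))  # None: no bridge named in the entry
    return bridges

def audit(configs, firewall="firewall01.cfg"):
    """List domUs whose vifs do not match the two-bridge firewall layout."""
    findings = []
    for name, text in sorted(configs.items()):
        bridges = vif_bridges(text)
        if name == firewall:
            if sorted(b or "" for b in bridges) != [PUBLIC_BRIDGE, PRIVATE_BRIDGE]:
                findings.append(f"{name}: firewall needs one vif on each bridge")
            continue
        for b in bridges:
            if b != PRIVATE_BRIDGE:
                where = b or "unspecified bridge"
                findings.append(f"{name}: vif on {where} bypasses the firewall domU")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```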