|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Fwd: [Xen-users] firewall domU
forwardind to the list: ---------- Forwarded message ---------- From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx> Date: 2008/12/18 Subject: Re: [Xen-users] firewall domU To: "Maximilian W. Zeller" <mawize@xxxxxxxxx> Zeller, I have 4 domUs acting as a firewall in a bridge fashion, but my hardware has 2 physical ethernets. In dom0, my public eth0 IP is 200.1.2.2/28, 200.1.2.1 is the gateway of public network. My private eth1 IP is 192.168.1.1/24. Create the file /etc/xen/scripts/network-bridge-wrapper with: #!/bin/sh /etc/xen/scripts/network-bridge $1 netdev=eth0 /etc/xen/scripts/network-bridge $1 netdev=eth1 In /etc/xen/xend-config.sxp change the line: (network-script network-bridge) to: (network-script network-bridge-wrapper) # ...and restart xendomains / xend. In your domU firewall configuration file, "vif" must be like this: grep vif /etc/xen/firewall01.cfg: vif = [ 'mac=00:01:64:ac:8f:2c, bridge=eth0', 'mac=00:01:64:9b:b5:1b, bridge=eth1' ] So you will have two ethernets in your domU firewall, each of it connected to it's relative public/private bridge. In your domU eth0, configure the public IP 200.1.2.3/28 with gateway 200.1.2.1 (the same gateway of dom0) and in your domU eth1, configure the IP 192.168.1.254/25, this will be the gateway for all your domUs. Living on the same hypervisor or not (it's a bridge remember). Ah! You do not need an interface for each domU... I hope help you in your scenario. Regards, Thiago 2008/12/18 Maximilian W. Zeller <mawize@xxxxxxxxx>
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |