
Re: [Xen-users] LAN configuration?



Hi Alan,

Alan Murrell wrote:
> 
> Not sure if this is what you mean, but my Xensource server will have at
> least one machine in a DMZ (external web and email), and a couple of
> servers that will be sitting on the LAN (a file/print server, mythtv
> backend, maybe a couple others).
> 
> Since the physical LAN interface being assigned to the firewall (also on
> the Xensource server) will plug into a physical switch, I still want the
> domU LAN servers to appear as though they are on the LAN (and act as
> such)
> 
> I hope that's a bit clearer?  Basically, the LAN will have a couple
> physical machines (laptops, one workstation) and virtual servers.
> 

OK, the design and technique I explained last time should do this.
You could just use the firewall to DNAT the domains, and/or forward the
necessary ports.

e.g. I have a mail server, web server, freenx server, etc. all running as
domains, with the firewall (currently) running shorewall.

Mail Server: DNAT for the LAN (Green Zone)
DNAT        Zone GreenZone                   Host 192.168.254.51 in zone br5   TCP   Any   143
DNAT        Zone GreenZone                   Host 192.168.254.51 in zone br5   UDP   Any   143
AllowPOP3   Host 192.168.254.51 in zone br5  Zone RedZone                      Any
AllowSMTP   Zone GreenZone                   Zone RedZone                      Any

Web Server: DNAT for the Internet (Red Zone)
DNAT        Zone RedZone                     Host 192.168.254.50 in zone br5   UDP   Any   443
DNAT        Zone RedZone                     Host 192.168.254.50 in zone br5   TCP   Any   443
DNAT        Zone RedZone                     Host 192.168.254.50 in zone br5   TCP   Any   80

Freenx Server: DNAT for everywhere
DNAT        Any                              Host 192.168.254.5:22 in zone br0 TCP   Any   XXXXX
DNAT        Any                              Host 192.168.254.5:22 in zone br0 UDP   Any   XXXXX
(where XXXXX is a high port)

I've probably missed a fair bit of detail, but I hope that
gives you an idea.

Marcus

PS. For the domains to actually be 'IN' the LAN, i.e. in the same subnet,
then the domains need to be on the same bridge as the LAN NIC (short story).
But then a routing firewall (iptables) would be pretty useless?
If the DNAT technique above doesn't suit, you might want to check out ebtables
and make a Brouter ... ???
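The same rule set written in /etc/shorewall/rules syntax, as an added example that is not Marcus's own configuration but a transcription of the table he posted. It assumes the zones Webmin displays as GreenZone, RedZone and br5/br0 are defined in /etc/shorewall/zones as green, red, br5 and br0, uses Shorewall 3-era syntax (where AllowPOP3 and AllowSMTP are built-in actions), and keeps the high port as the placeholder XXXXX from the post.

```conf
# Assumed zone names: green = LAN (GreenZone), red = Internet (RedZone),
# br5 / br0 = the bridge zones the domUs sit on.
#ACTION     SOURCE               DEST                   PROTO   DEST PORT(S)

# Mail server domU 192.168.254.51 on bridge zone br5:
# LAN clients reach IMAP (143) through the firewall via DNAT
DNAT        green                br5:192.168.254.51     tcp     143
DNAT        green                br5:192.168.254.51     udp     143
# the mail domU may fetch POP3 from the Internet, the LAN may send SMTP out
AllowPOP3   br5:192.168.254.51   red
AllowSMTP   green                red

# Web server domU 192.168.254.50 on br5, published to the Internet
DNAT        red                  br5:192.168.254.50     udp     443
DNAT        red                  br5:192.168.254.50     tcp     443
DNAT        red                  br5:192.168.254.50     tcp     80

# FreeNX domU 192.168.254.5 on bridge zone br0: the high port XXXXX on the
# firewall is translated to port 22 on the domU (the port after the address
# in DEST is the new destination port). XXXXX is the placeholder from the
# original post; substitute the port actually chosen.
DNAT        all                  br0:192.168.254.5:22   tcp     XXXXX
DNAT        all                  br0:192.168.254.5:22   udp     XXXXX
```

Because every rule is a DNAT on the firewall domU, the LAN and the Internet only ever see the firewall's addresses, which is exactly why the domUs do not appear to be "in" the LAN subnet.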

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users