Re: [Xen-users] Domain0 and firewalls
On Wednesday 22 February 2006 04:33 pm, Tom Eastep wrote:
> On Wednesday 22 February 2006 13:49, David Koski wrote:
>
> >
> > Thanks Tom. Since I have eth0 and eth1 I have put this in zones:
> >
> > fw firewall
> > xen0 ipv4
> > xen1 ipv4
> >
> > ..and this in interfaces:
> >
> > xen0 xenbr0 detect routeback
> > xen1 xenbr1 detect routeback
> >
> > Perhaps xen0 would be better named loc and xen1 named dmz.
>
> Shorewall attaches absolutely no meaning to zone names so you can call them
> 'foo' and 'bar' if you like; whatever has meaning to you.
>
> >
> > Is that it?
>
> Looks fine.

I must be missing something because shorewall blocks all access.

eth0=192.168.0.99
eth1=64.175.19.254

Here are my files:

interfaces:
loc xenbr0 detect routeback
net xenbr1 detect routeback,norfc1918

params:
LOG=ULOG

policy:
$FW all ACCEPT
net all DROP $LOG
loc all DROP $LOG
all all REJECT $LOG

ACCEPT loc $FW tcp 22
ACCEPT net:64.175.19.240/28 $FW tcp 22
ACCEPT net:64.175.19.34 $FW tcp 22
ACCEPT net:65.183.195.218 $FW tcp 22
ACCEPT loc $FW icmp - - - 5/sec:10
ACCEPT net $FW icmp - - - 5/sec:10

zones:
fw firewall # Domain 0
loc ipv4
net ipv4

Thanks in advance.
David Koski
david@xxxxxxxxxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users