Re: [Xen-users] Dummy ethernet device setup
Hello Philipp,

Philipp Jäggi wrote:

> So, my question is about how to setup cleanly the bridges, the veth2. I don't want to create a shell script that makes all the necessary steps as I perform it in the shell. So where do I specify the bridge configuration,

You can set up a bridge in /etc/network/interfaces (or wherever your interfaces are described in your distro) like any other interface. I have used that on my home firewall, e.g.:

    auto xen-br0
    iface xen-br0 inet static
        address 192.168.137.254
        # hwaddress ether 00:00:00:78:bd:01
        netmask 255.255.255.0
        network 192.168.137.0
        broadcast 192.168.137.255
        pre-up brctl addbr xen-br0
        post-down brctl delbr xen-br0

Only assigning the MAC address to the bridge seems not to work, everything else does. Of course you have to disable the bridge-setup-script xen uses when starting. I did not bother to find out if xen can be forced not to start a networking script at all, so I simply added "exit 0" to the beginning of the bridged networking script - that is quick and dirty and works.

> where do I store the veth2 config?

I would write that into the config file for the domX.

> My idea at the moment is to create a folder /etc/sysconfig/xen-nework, where I store the bridge information and the ifcfg-veth2. But for this I need a wrapper script that starts all up cleanly, something like /etc/rc.d/init.d/xen-network. But my problem is, to find the right point in the XEN startup process, where I have to start the network.

That was the reason why I set up the bridge as interface with the base system.

> Because Xen itself also starts the network for eth0 and eth1. This I would like to take out of the /etc/rc.d/init.d/xend script and paste it into my xen-network script, so that finally everything that belongs to network is started in one block.
>
> I have to do this issues, because in a productive environment with just a couple of people working in the IT and high security requirements, configuration safety is everything.

Let's say, nowadays security is everything - everywhere.

But nevertheless: you could add the domUs to the bridge connected to the physical interface and have a firewall on every domU (I use shorewall for that kind of setup). Or have a firewall in dom0 and NAT the traffic to the domUs. Or push the physical interface in a domU that is a separate firewall of its own.

> That's why the whole system will be administrated with the help of cfengine.

What is cfengine? What does it help concerning security? I am quite interested in these things.

> As a result of this I have to separate and concernat everything in clean blocks of config files and startup scripts. To do this I requested a guide to clean xen network setup, where everything works after the boot sequence... :-)

We will see. :-) At least I can try. By the way, if we keep the discussion on the list there will be more input from experienced people - there are quite some people out there having solved the same problems.

> Hope you can still help me...

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
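The "firewall in dom0 and NAT the traffic to the domUs" option from the message above, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset for the xen-br0 bridge and 192.168.137.0/24 subnet of the quoted interfaces stanza. The function name, the uplink name eth0 and the default-deny FORWARD policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): emit an iptables-restore
# ruleset for a dom0 that firewalls and NATs the domUs attached to a bridge.
# Assumed names: gen_dom0_nat_rules, uplink eth0. Bridge and subnet match the
# xen-br0 stanza quoted in the message.

gen_dom0_nat_rules() {
    bridge=$1 subnet=$2 uplink=$3

    # Character whitelist and rough shape check, so a stray argument cannot
    # smuggle extra iptables options into the generated rules.
    for ifname in "$bridge" "$uplink"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case $subnet in
        ''|*[!0-9./]*) echo "bad subnet: $subnet" >&2; return 1 ;;
        *.*.*.*/[0-9]*) ;;
        *) echo "bad subnet: $subnet" >&2; return 1 ;;
    esac

    # FORWARD defaults to DROP: domUs may open connections outwards, and only
    # replies to those connections are let back in. dom0's own INPUT/OUTPUT
    # filtering is left open here and is out of scope for this sketch.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $subnet -o $uplink -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $uplink -o $bridge -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $bridge -o $uplink -s $subnet -j ACCEPT
COMMIT
EOF
}

# Print the rules for review before piping them to iptables-restore, which
# replaces the existing nat and filter tables.
gen_dom0_nat_rules xen-br0 192.168.137.0/24 eth0
```

dom0 also needs net.ipv4.ip_forward set to 1 before it will route for the domUs, and the domUs use 192.168.137.254 (the bridge address) as their gateway.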