Ok, thanks Todd for your help.
 I have tested, but it doesn't run ...
 
 Here is my local system/configuration :
 
 kernel 2.6.26-16
 
 BEFORE Xen started
 eth0 -> real 1gbit ethernet device with public ip address, for example 10.10.1.1
 eth0:gw -> one more public with other subnet ... for example 10.10.2.0 netmask 255.255.255.248
 (the ip addresses are public ones, not private as here in my example ....)
 lo -> normal loopback ....
 
 With xen i want a bridge setup.
 
 AFTER Xen started i have:
 bridge with name eth0
 and the devices inside the bridge
 peth0   (the real device)
 veth1.0 (a domU)
 with ifconfig i see the devices
 eth0 and eth0:gw too
 
 
 Ok, after shorewall I want:
 peth0 -> the real device as 'net'
 eth0 -> the dom0 device as fw / loc
 vethX -> the domU's as 'loc'
 
 
 But I don't know how I need to set this up in shorewall.
 I use shorewall 4.0.13
 
 I read that now I need to give shorewall the info
 in the zones file which zone is a bridge -> 'bport'.
 Ok, so in my case I set the zones file:
 fw      firewall
 net     ipv4            # Internet Connection (peth0)
 dom0    bport           # (eth0 and eth0:gw)
 loc     bport           # the vethX devices from the domU's
 
 In my interfaces file I have the following:
 dom0    eth0            -
 net     eth0:peth0      -
 loc     eth0:vif+       -               routeback
 
 When I now run a shorewall check I see these error(s):
 Checking...
 Checking /etc/shorewall/zones...
 WARNING: Bridge Port zones should have a parent zone : /etc/shorewall/zones (line 14)
 WARNING: Bridge Port zones should have a parent zone : /etc/shorewall/zones (line 15)
 Checking /etc/shorewall/interfaces...
 ERROR: Zones of type 'bport' may only be associated with bridge ports : /etc/shorewall/interfaces (line 11)
 
 
 here is line 14 : dom0    bport
 and line 15     : dom0    bport
 
 and that line 11 of the interfaces file:
 dom0    eth0            -
 
 
 Hm, I don't know what I need to do.
 I have tested to set up shorewall so, I do it a long time,
 but I get an error that bridge=yes is not in the kernel anymore :-(
 
 I hope you can give me a tip.
 
 Best regards
 Torsten
 
 
 
 Todd Deshane wrote:
 
  On Sun, Aug 31, 2008 at 9:07 PM, Mr. WebLover <mrweblover@xxxxxxxxx> wrote:
   
    Hi @ all,
I want to use shorewall in my dom0 and domU's, but I have a little bit of
trouble with it.
I followed this HowTo:
http://www.shorewall.net/Xen.html
But in this HowTo they work with the xenbr0 bridge, and in the new xen config
there is no bridge with that name. In my system the bridge has the name
eth0...
So, I have the interfaces
eth0 (bridge and device ?)
     
Yes, replace xenbr0 with eth0 in your configs and things should work.
If not, post your configs and details what does/does not work.
Cheers,
Todd
   
 © 2007 Ingenieurbüro AttNet - Torsten Albrecht Dipl.-Ing. IT
 Schillerstraße 5 - 67304 Kerzenheim - E-Mail: info@xxxxxxxxx