I haven't seen any response yet on my Xen question but perhaps someone could shed some light on the Shorewall/Xen documentation...

I am a little confused by the Xen explanation, particularly exactly where ursa and the fw live. On
http://www.shorewall.net/myfiles.htm#id2459611
ursa is shown to be inside domain 0 (ie not extended domain 0)
but the diagram just below rules;
http://www.shorewall.net/Xen.html#id2459561
shows the fw to be domain 0 and ursa to be Extended domain 0,
but the text near;
http://www.shorewall.net/Xen.html#id2460072
says "by creating a firewall in (the Extended) Domain 0"

The hosts file has;
ursa xenbr0:vif0.0
so from this I think that ursa is in Domain 0 (not extended Domain 0).

Also, if the fw is in domain 0, then how does it get access to vif1.0 vif2.0 etc.?

Any additional comments on this would be most appreciated, Xen and Shorewall seem like a great combination, I just need to get my head around it :-)

Thanks and regards
Andrew Braund
On Wednesday, 01 February 2006 09:58, Andrew Braund wrote:
> I haven't seen any response yet on my Xen question but perhaps
> someone could shed some light on the Shorewall/Xen documentation...

Hello Andrew,

I've found your posting very interesting as we seem to have basically the same problem but I haven't found time yet to dig into it. Additionally, (before reading your post) I've experimented with network-nat and got good results - it is almost working now and Shorewall config is pretty easy (in contrast to all the weird bridging).

I will keep you updated. Later, because I have got some ASAP work to do.

--
Kind regards
8)
Rene Schmidt
http://log.reneschmidt.de
On 01/02/2006, at 20:07, Rene Schmidt wrote:
> On Wednesday, 01 February 2006 09:58, Andrew Braund wrote:
>> I haven't seen any response yet on my Xen question but perhaps
>> someone could shed some light on the Shorewall/Xen documentation...
>
> Hello Andrew,
>
> I've found your posting very interesting as we seem to have
> basically the same
> problem but I haven't found time yet to dig into it. Additionally,
> (before
> reading your post) I've experimented with network-nat and got good
> results -
> it is almost working now and Shorewall config is pretty easy (in
> contrast to
> all the weird bridging).
>
> I will keep you updated. Later, because I have got some ASAP work
> to do.

Me too, spent a fair bit of my weekend trying to get this to work :-(

Hopefully someone will make a few comments, then hopefully I will be able to find some more time and get it going.

Regards
Andrew

> --
> Kind regards
> 8)
> Rene Schmidt
> http://log.reneschmidt.de
Andrew Braund wrote:
> I haven't seen any response yet on my Xen question but perhaps someone
> could shed some light on the Shorewall/Xen documentation...
>
>
> I am a little confused by the Xen explanation, particularly exactly
> where ursa and the fw live. On
> http://www.shorewall.net/myfiles.htm#id2459611
> ursa is shown to be inside domain 0 (ie not extended domain 0)
> but the diagram just below rules;
> http://www.shorewall.net/Xen.html#id2459561
> shows the fw to be domain 0 and ursa to be Extended domain 0,
> but the text near;
> http://www.shorewall.net/Xen.html#id2460072
> says "by creating a firewall in (the Extended) Domain 0"
>
> The hosts file has;
> ursa xenbr0:vif0.0
> so from this I think that ursa is in Domain 0 (not extended Domain 0).
>
> Also, if the fw is in domain 0, then how does it get access to vif1.0
> vif2.0 etc.?
>
> Any additional comments on this would be most appreciated, Xen and
> Shorewall seem like a great combination, I just need to get my head
> around it :-)
>
> Thanks and regards
> Andrew Braund
>

Personally I don't yet understand how Xen Networking works.
Tom is taking a break right now, and AFAIK, setting up Xen Networking was somewhat hard for **him** ( so can be really tricky for the rest of us ;-) )
Cristian Rodriguez wrote:
> Andrew Braund wrote:
>
>> I haven't seen any response yet on my Xen question but perhaps someone
>> could shed some light on the Shorewall/Xen documentation...
>>
>>
>> I am a little confused by the Xen explanation, particularly exactly
>> where ursa and the fw live. On
>> http://www.shorewall.net/myfiles.htm#id2459611
>> ursa is shown to be inside domain 0 (ie not extended domain 0)
>> but the diagram just below rules;
>> http://www.shorewall.net/Xen.html#id2459561
>> shows the fw to be domain 0 and ursa to be Extended domain 0,
>> but the text near;
>> http://www.shorewall.net/Xen.html#id2460072
>> says "by creating a firewall in (the Extended) Domain 0"
>>
>> The hosts file has;
>> ursa xenbr0:vif0.0
>> so from this I think that ursa is in Domain 0 (not extended Domain 0).
>>
>> Also, if the fw is in domain 0, then how does it get access to vif1.0
>> vif2.0 etc.?
>>
>> Any additional comments on this would be most appreciated, Xen and
>> Shorewall seem like a great combination, I just need to get my head
>> around it :-)
>>
>> Thanks and regards
>> Andrew Braund
>>
>
>
> Personally I don't yet understand how Xen Networking works.
> Tom is taking a break right now, and AFAIK, setting up Xen Networking
> was somewhat hard for **him** ( so can be really tricky for the rest of
> us ;-) )
>
>

Tom updated his example, see if this is any clearer:

http://www1.shorewall.net/Xen.html

Jerry