Hello everyone

I am running xen on a devel box and the dom0 is acting as a router for all the domains on it.

I am trying to use shorewall as a firewall and for traffic shaping on dom0. I read the documentation and http://www.shorewall.net/Xen.html which mentions about xen and shorewall. However the documentation talks only about bridged network. Can anyone please point me to right direction into how to use shorewall with routed network?

Thanks.

--
regards,
Anand Gupta

On Tuesday 07 February 2006 21:09, Anand Gupta wrote:
> Hello everyone
>
> I am running xen on a devel box and the dom0 is acting as a router for all
> the domains on it.
>
> I am trying to use shorewall as a firewall and for traffic shaping on dom0.
> I read the documentation and http://www.shorewall.net/Xen.html which
> mentions about xen and shorewall. However the documentation talks only
> about bridged network. Can anyone please point me to right direction into
> how to use shorewall with routed network ?
>

Hi Anand,

haven't done Xen 3 in a routed environment yet. So I'm a bit guessing ;-)

But how I understood xen's routed approach Dom0 most likely behaves like a "normal" router with several interfaces. The only caveat in your config should be to keep the "flipping" interface names (vifX.x) in mind. So probably you have to use wildcards in your interface file (something like vif+)

If you keep Tom's bridged-Xen example in mind and combine it with a "normal" routed shorewall setup ( http://www.shorewall.net/three-interface.htm ) you should be led to a working setup.

Alex

Dear Alex,

On 2/8/06, Alexander Wilms <alex.wilms@adminguru.org> wrote:
>
> Hi Anand,
>
> haven't done Xen 3 in a routed environment yet. So I'm a bit guessing ;-)

Well first of all thanks for the help and guidance so far :)

> But how I understood xen's routed approach Dom0 most likely behaves like a
> "normal" router with several interfaces. The only caveat in your config
> should be to keep the "flipping" interface names (vifX.x) in mind. So
> probably you have to use wildcards in your interface file (something like
> vif+)

Yes, that's what I thought about when I read the documentation. Also I am naming my domU's as vm01, vm02 and so on, hence the name of the interfaces is also the same, so I would need to use vm+. Any ideas if anything needs to be done for the vif0.x interfaces?

> If you keep Tom's bridged-Xen example in mind and combine it with a "normal"
> routed shorewall setup ( http://www.shorewall.net/three-interface.htm )
> you
> should be led to a working setup.
>

Why do you say bridging when my network is routed? And I didn't understand your pointer to the three interface setup. Can you please explain it?

Thanks.

--
regards,
Anand Gupta
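
The routed setup discussed in this thread, sketched as an added example that is not part of any message above and not taken from the Shorewall documentation: dom0 is treated as an ordinary router, and the guest interfaces named vm01, vm02, ... are covered by a single wildcard entry. The zone name dom, the external interface eth0, the chosen policies and the Shorewall 3.x file layout are assumptions.

```conf
# Added example, not from the thread. Assumes Shorewall 3.x file formats.

# --- /etc/shorewall/shorewall.conf (excerpt) ---
# dom0 forwards packets between the guests and the outside network.
IP_FORWARDING=On

# --- /etc/shorewall/zones ---
# "dom" is a hypothetical zone name for the domU guests.
#ZONE   TYPE
fw      firewall
net     ipv4
dom     ipv4

# --- /etc/shorewall/interfaces ---
# eth0 is assumed to be dom0's external interface.
# "vm+" matches every interface whose name starts with "vm" (vm01, vm02, ...),
# so guests can be started and stopped without editing this file.
# With Xen's default naming the entry would be "vif+" instead.
# routeback permits traffic between two interfaces that match the same
# wildcard entry (guest-to-guest traffic routed through dom0).
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
dom     vm+         -           routeback

# --- /etc/shorewall/policy ---
# Default stance: guests may reach the outside, nothing unsolicited comes in.
# Access to dom0 itself is not opened here and falls through to REJECT.
#SOURCE DEST    POLICY  LOG LEVEL
dom     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
```

Running "shorewall check" before "shorewall restart" validates the files without touching the live ruleset.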