Hello *,

I'm trying to set up Shorewall under Ubuntu 7.04 and Xen configured to use network-dummy instead of network-bridge (network-bridge seems to be buggy at the moment under Debian/Ubuntu).

Is there a Shorewall config example I can use in combination with network-dummy?

In particular, with network-dummy there is no peth interface and the bridge includes the real eth interface.

I tried to configure Shorewall by myself but I cannot match any situations so I have to open all to all :(

--
Davide Corio
davide.corio<at>redomino.com
Redomino S.r.l.
Largo Valgioie 14 - 10146 Torino - Italy
Tel: +39 011 7499875 - Fax: +39 011 3716911
http://www.redomino.com/

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
On Tue, 22/05/2007 at 11.38 +0200, Davide Corio wrote:
> Hello *,
> I'm trying to set up Shorewall under Ubuntu 7.04 and Xen configured to
> use network-dummy instead of network-bridge (network-bridge seems to be
> buggy at the moment under Debian/Ubuntu).
>
> Is there a Shorewall config example I can use in combination with
> network-dummy?
>
> In particular, with network-dummy there is no peth interface and the
> bridge includes the real eth interface.
>
> I tried to configure Shorewall by myself but I cannot match any
> situations so I have to open all to all :(

http://www.shorewall.net/bridge.html

sorry...

--
Davide Corio
Davide Corio wrote:
> On Tue, 22/05/2007 at 11.38 +0200, Davide Corio wrote:
>> Hello *,
>> I'm trying to set up Shorewall under Ubuntu 7.04 and Xen configured to
>> use network-dummy instead of network-bridge (network-bridge seems to be
>> buggy at the moment under Debian/Ubuntu).
>>
>> Is there a Shorewall config example I can use in combination with
>> network-dummy?
>>
>> In particular, with network-dummy there is no peth interface and the
>> bridge includes the real eth interface.
>>
>> I tried to configure Shorewall by myself but I cannot match any
>> situations so I have to open all to all :(
>
> http://www.shorewall.net/bridge.html
>
> sorry...
>

I've never heard of 'network-dummy' so I'm not going to be much help there. But I can tell you that no configuration that relies on BRIDGING=Yes (as does http://www.shorewall.net/bridge.html and both of the Xen bridged configuration articles) will work on Ubuntu 7.04. The reason is that 7.04 uses a 2.6.20 kernel which contains a limited-function version of the physdev match capability which is not usable for defining Shorewall zones.

So any possible solution with a bridge under 7.04 must use the technique described in http://www.shorewall.net/NewBridge.html.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
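A check for the condition Tom describes above, as an added example that is not part of the original thread: it reports when shorewall.conf sets BRIDGING=Yes on a kernel with the limited physdev match. Treating every release from 2.6.20 onward as affected is an assumption (the thread names only 2.6.20), and the function names and sample configuration are hypothetical.

```shell
#!/bin/sh
# Added example: flag BRIDGING=Yes on kernels with the limited physdev match.

# Constructed sample of the relevant shorewall.conf lines (not from the thread).
sample_conf() {
    printf '%s\n' '# BRIDGING=No' 'IP_FORWARDING=On' 'BRIDGING="Yes"   # Xen bridge'
}

# Return 0 if the shorewall.conf text on stdin sets BRIDGING to yes.
# The last assignment wins; comments, quotes and letter case are ignored.
bridging_enabled() {
    val=$(sed -n 's/^[[:space:]]*BRIDGING[[:space:]]*=[[:space:]]*//p' \
        | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' \
        | tr -d "\"'" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$val" = "yes" ]
}

# Return 0 if kernel release $1 (e.g. "2.6.20-15-generic") is 2.6.20 or newer.
# Assumption: every release from 2.6.20 onward has the limited physdev match.
kernel_has_limited_physdev() {
    old_ifs=$IFS; IFS=.
    set -- ${1%%-*}            # split "2.6.20" into 2 6 20
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}    # drop suffixes such as "rc1"
    patch=${patch:-0}
    [ $((major * 1000000 + minor * 1000 + patch)) -ge 2006020 ]
}

# Print a verdict for a shorewall.conf path ($1) and a kernel release ($2).
# Returns 1 only for the combination the thread says cannot define zones.
check_bridging() {
    if ! bridging_enabled < "$1"; then
        echo "ok: BRIDGING is not enabled"
    elif kernel_has_limited_physdev "$2"; then
        echo "warn: BRIDGING=Yes on kernel $2; see http://www.shorewall.net/NewBridge.html"
        return 1
    else
        echo "ok: BRIDGING=Yes on kernel $2"
    fi
}

# Usage on a live host:
#   check_bridging /etc/shorewall/shorewall.conf "$(uname -r)"
```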
On Tue, 22/05/2007 at 07.11 -0700, Tom Eastep wrote:
> I've never heard of 'network-dummy' so I'm not going to be much help there.
> But I can tell you that no configuration that relies on BRIDGING=Yes (as
> does http://www.shorewall.net/bridge.html and both of the Xen bridged
> configuration articles) will work on Ubuntu 7.04. The reason is that 7.04
> uses a 2.6.20 kernel which contains a limited-function version of the
> physdev match capability which is not usable for defining Shorewall zones.
>
> So any possible solution with a bridge under 7.04 must use the technique
> described in http://www.shorewall.net/NewBridge.html.

Hi,
BRIDGING=yes is working fine in my case even on Ubuntu 7.04.

I solved the problem by defining two entries in hosts for xenbr0:eth0 and xenbr0:vif+

regards,

--
Davide Corio
Davide Corio wrote:
> On Tue, 22/05/2007 at 07.11 -0700, Tom Eastep wrote:
>> I've never heard of 'network-dummy' so I'm not going to be much help there.
>> But I can tell you that no configuration that relies on BRIDGING=Yes (as
>> does http://www.shorewall.net/bridge.html and both of the Xen bridged
>> configuration articles) will work on Ubuntu 7.04. The reason is that 7.04
>> uses a 2.6.20 kernel which contains a limited-function version of the
>> physdev match capability which is not usable for defining Shorewall zones.
>>
>> So any possible solution with a bridge under 7.04 must use the technique
>> described in http://www.shorewall.net/NewBridge.html.
>
> Hi,
> BRIDGING=yes is working fine in my case even on Ubuntu 7.04.

Then you have a very simple configuration.

-Tom
On Tue, 22/05/2007 at 07.30 -0700, Tom Eastep wrote:
> Then you have a very simple configuration.

Yes, you are right.
I'll try to recompile the kernel and have a working configuration.

--
Davide Corio