Hi,

I'm having some problems with shorewall and xen. Mostly xen I guess as there are 500 ways of doing it and none seems to work for me :).

What I want to have is to have all my virtual hosts running on a private network (192.168.100.x). I then want to have a local interface running 192.168.100.1 where I can route from and to the virtual network and also masquerade outgoing connections etc.

Any takers for helping with that? The server is a single NIC (eth0) with a public IP address. I was first thinking of adding a virtual interface eth0:0 but Shorewall isn't buying that.

So maybe I should run xen in bridged mode and add the local address to the xen bridge interface?

--
regards,
Robin

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

> Hi,
>
> I'm having some problems with shorewall and xen. Mostly xen I guess as
> there are 500 ways of doing it and none seems to work for me :).
>
> What I want to have is to have all my virtual hosts running on a
> private network (192.168.100.x). I then want to have a local
> interface running 192.168.100.1 where I can route from and to the
> virtual network and also masquerade outgoing connections etc.
>
> Any takers for helping with that? The server is a single NIC (eth0)
> with a public IP address. I was first thinking of adding a virtual
> interface eth0:0 but Shorewall isn't buying that.
>
> So maybe I should run xen in bridged mode and add the local address to
> the xen bridge interface?
>
> --
> regards,
> Robin
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

I'm using a different virtualization solution (see www.openvz.org) but the setup is the same.

You will need to explain in more detail what "shorewall is not buying".

The way that you've chosen is the correct approach: you make an alias to eth0 that is part of your virtual address space, and you specify the IP address of that alias as the default gateway in your virtual machines. I don't know how networking works in xen because openvz uses a different method to interconnect the virtual machines with the host, but it should work OK with the alias.

You must keep in mind that the alias must be up BEFORE shorewall starts!

daniel@xma.ro wrote:
>
> You will need to explain in more detail what "shorewall is not buying".
>

Robin may also wish to read http://www1.shorewall.net/Shorewall_and_Aliased_Interfaces.html which describes how to use aliases with Netfilter (and hence with Shorewall).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On 6/7/07, Robin Ericsson <lobbin@gmail.com> wrote:
> Hi,
>
> I'm having some problems with shorewall and xen. Mostly xen I guess as
> there are 500 ways of doing it and none seems to work for me :).

Thanks for my answers. I was able to solve the problem today.

I created a Xen bridge device called xenbr1 with IP 192.168.100.1 and told the virtual servers to use this bridge. With this device up and running, there was no problem in adding another device and zone to shorewall.

--
regards,
Robin
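
A sketch of the Shorewall files for the setup described in the last message, added here as an illustration and not taken from any poster's actual configuration. The zone name `vm`, the /24 mask for 192.168.100.x, the interface options and the policy choices are assumptions; `eth0`, `xenbr1` and the address range come from the thread.

```conf
# Added example, not from the thread. Zone name "vm", the /24 mask and
# the policies are assumptions; xenbr1 must already exist with
# 192.168.100.1 assigned before Shorewall starts.

# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
net     ipv4
vm      ipv4

# --- /etc/shorewall/interfaces ---
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs
# routeback: guests on the same bridge may reach each other through it
vm      xenbr1      detect      routeback

# --- /etc/shorewall/masq ---
# Masquerade the private guest network behind the public address on eth0.
# (Later Shorewall releases use an "snat" file for the same purpose.)
#INTERFACE   SOURCE
eth0         192.168.100.0/24

# --- /etc/shorewall/policy ---
# Guests may initiate outbound connections; nothing from the Internet
# reaches the guests or the host unless a rule explicitly allows it.
#SOURCE   DEST   POLICY   LOG LEVEL
$FW       net    ACCEPT
$FW       vm     ACCEPT
vm        net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# --- /etc/shorewall/shorewall.conf (relevant setting only) ---
# The host routes between xenbr1 and eth0, so forwarding must be on.
IP_FORWARDING=On

# --- Xen guest config, one line per domU ---
# vif = [ 'bridge=xenbr1' ]
```

Because the final policy is REJECT, anything a guest needs from the host itself (DNS, for example) has to be opened with an explicit entry in the rules file.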