similar to: Isolated firewall in DomU

I have been playing with Xen 3.0.1 for some days now, using debian sarge for dom0 and domU''s, and it works like a charm. But, I have a problem with rebooting domU''s. Here is the output from /var/log/xend.log [2006-03-30 13:44:58 xend.XendDomainInfo] INFO (XendDomainInfo:823) Domain has shutdown: name=vmintraweb1 id=5 reason=reboot . [2006-03-30 13:44:58 xend.XendDomainInfo]

As I received no response on the general CentOS list, I'll repost it here as the question is about Xen virtual machine routing. This is my network setup: http://pastebin.com/kyWpTQYU Lets assume my dom0's eth2 public ip is 1.2.3.33 and my dmz network 11.22.33.96/255.255.255.224 . I have created NAT from my LAN with iptables. You can see my /etc/sysconfig/iptables here:

Hello folks, I have a really strange routing problem that no amount of googling and experimenting has been able to solve. Then again, I''m new to Xen and "advanced" networking, so I could be missing something very basic. Summary: an unprivileged domU with PCI frontend for a NIC is used as a router; icmp gets routed, but tcp/ip only partially. I''m using a xen-unstable

Hi all, I am running Xen 3.0.2-2 (taken from XenSource) with Linux kernel 2.6.16 (taken from Debian Sid), I compiled Xen and 2 kernels (dom0 and domU). Here is the ascii-art of my setup: ------------ ------------- | LAN |------------------------| waste | 192.168.0.94/24 ------------ ------------- | ·····························

I want to create a network like this: Internet -- physical router -- host (network 192.168.178.x) -- virtual machine dmz -- eth0 (connected to pyshical router) -- eth1 (connect to isolated network 10.0.0.x) -- virtual machine www - eth0 (connect to isolated network 10.0.0.x) [image: network design]

I am attempting to setup a firewall in a DomU. The firewall program I eventually want to run is Shorewall. Both my Dom0 and DomU are Debian Lenny 64 bit systems. The Dom0 has four physical network interfaces installed. Currently, one of the NICs is hidden using the pciback.hide command in the /boot/grub/menu.lst file. Similarly, the hidden NIC is passed to the DomU using the pci =

I''ve a Xen Dom0 with 3 vif-bridges defined, one each for LAN, WAN & DMZ. A DomU router/firewall routes between the 3. Works great. After getting advice from the list, I''ve settled on an apporach to file-services; I''ve launched a storage appliance (OpenFiler) in a DomU. For initial access, it attaches to the LAN bridge. I next want to provide access to the NAS

Hi *, when I try to start this config kernel = "/boot/vmlinuz-2.6.11-xenU" memory = 128 name = "Virtual1" vif = [ ''mac=aa:00:00:00:00:11, bridge=xen-br0'' ] disk = [ ''phy:vg00/domu01_lv,sda1,w'' ] root = "/dev/sda1 ro" extra = "4" I get this errors in xend.log (tried two times): [2005-05-23 13:37:22 xend] INFO

Another checksum offload problem was reported on xen-users, when using a domU as a firewall: http://lists.xensource.com/archives/html/xen-users/2006-04/msg01150.html It also fails without VLANs. The path from dom0->domU with ip_summed==CHECKSUM_HW/proto_csum_blank==1 is broken. - skb_checksum_setup() assumes that a checksum will definitely be calculated in dev_queue_xmit(), but the

I am not quite sure if this issue relates to iptables, routing or Xen virtual machines. Too many variables for my simple mind, so I'm asking some advice :) This is my network setup: Internet --- eth2 + CentOS dom0 / firewall / router + eth1 (xenbr1) --- LAN with private IPs --- separate file server and workstations + eth0 (xenbr0)

I am trying to configure a firewall, but nailing down the configuration is eluding me. The box is running Debian stable. Basically, I have a rackmount server with six network cards. eth0 is the internal network, eth1 is a kiosk network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a DSL connection and eth4 is a cablemodem connection. What I am trying to do is route all internal

Hi All, I am trying to create the following configuration: dom0 |---eth2 Masquerading interface to OUTSIDE | |---eth0 LAN:10.0.1.1/24 | |---eth1 WLAN:10.0.2.1/24 | |---xenbr0 DMZ:10.0.3.1/24 | |-- vifX.0 -- eth0 domU:10.0.3.2 I would like to do it this way because I will not be using xen all the time on this machine. I created a network-virtual script which

Good point Stijn, I am sorry to post without subject and such it must be the early morning. The relevant entries in my rules file: ACCEPT net fw tcp 25 ACCEPT net fw tcp 80 ACCEPT net fw tcp 22 ACCEPT net fw tcp 21 ACCEPT net fw udp 21 REJECT loc

Using the 2.0.6 demo cd image, I booted the supplied freebsd image and rsync''d the file system to an NFS server. However I don not seem to be able to succesfully boot from it the system just hangs here: xn0: bpf attached xn0: Ethernet address: aa:00:00:61:1c:d4 lo0: bpf I have modified /sbin/start_freebsd.sh and /etc/xen/freebsd.py to generate the following configuration: xendemo:~#

This patch adds code to handle SKB_GSO_TCPV6 skbs and construct appropriate extra or prefix segments to pass the large packet to the frontend. New xenstore flags, feature-gso-tcpv6 and feature-gso-tcpv6-prefix, are sampled to determine if the frontend is capable of handling such packets. Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: David

Hey, I have a Compaq T2000 UPS that I use to power my firewall, dmz, and two internal machines and I've just started implementing UPS monitoring to shut the systems down in the event of an outage instead of relying on me, but I've run into a snag. Reading the documentation, it seems the client has to contact the server. The problem is I really don't want to open a port form the

Hi James, Many thanks for your quick reply, and for the help. I''m now able to see the dom0 machine from the network, but I can''t seem to get into our out of dom1. I can''t see any IP addresses on my network such as 192.168.1.10 from within dom1, nor can I ping the machine''s address from dom0 or elsewhere on the network. My dom1 is a just a copy of the

Hi All, I am hoping someone can help me with a project I am doing at work. I warn you in advance that this will be a long post, but I wanted to provide as much information as I could to explain what was going on. Any help would be very much appreciated and welcomed as my boss would like to see this up and running this week. I have been scouring various documents on advanced routing for a

Hi! I was thinking, is there a way to use a linux box with Samba running in the DMZ of a firewall and to validate logons from the internal network? I.e. the users workstations are on the protected net on 192.168.111.xx and the Samba PDC resides in the DMZ, running subnet 192.168.222.xx. If it's possible, what ports need to be open? Anders Norrbring

Also remove unused xenbus_{,un}map_ring(), adjust types, and clean up header inclusion. Signed-off-by: Jan Beulich <jbeulich@novell.com> --- a/drivers/xen/blkback/blkback.c +++ b/drivers/xen/blkback/blkback.c @@ -41,6 +41,8 @@ #include <linux/list.h> #include <linux/delay.h> #include <xen/balloon.h> +#include <xen/evtchn.h> +#include <xen/gnttab.h>