similar to: Routing problem in bridged setup

http://bderzhavets.blogspot.com/2008/05/install-solaris-nevada-build-87-domu-at.html This message posted from opensolaris.org

I am attempting to setup a firewall in a DomU. The firewall program I eventually want to run is Shorewall. Both my Dom0 and DomU are Debian Lenny 64 bit systems. The Dom0 has four physical network interfaces installed. Currently, one of the NICs is hidden using the pciback.hide command in the /boot/grub/menu.lst file. Similarly, the hidden NIC is passed to the DomU using the pci =

When I start xen dom0 I get that same dhcp address for eth0 and for xen-br0, dom0 can talk to the world. If I start each of my 3 domU''s mannually, each guest gets a xen-br0 vif with a dhcp address and all 3 can talk to the outside world and each other (my "flat network"). What I want is a tiered network with the first domU acting as a firewall with 3 nics vif = [

As I received no response on the general CentOS list, I'll repost it here as the question is about Xen virtual machine routing. This is my network setup: http://pastebin.com/kyWpTQYU Lets assume my dom0's eth2 public ip is 1.2.3.33 and my dmz network 11.22.33.96/255.255.255.224 . I have created NAT from my LAN with iptables. You can see my /etc/sysconfig/iptables here:

Hi * in xend-config.xsp I have: ******************************** (network-script network-route) (vif-bridge xen-br0) (vif-script vif-bridge) ******************************** and in /etc/network/interfaces ********************************* iface eth0 inet static address 0.0.0.0 auto xen-br0 iface xen-br0 inet static pre-up ifconfig eth0 up pre-up brctl addbr xen-br0 pre-up brctl addif

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

I made a boo boo in my config and put in this rule #PPTP DNAT net:213.67.241.162/217.209.46.204/32 loc:192.168.221.200 tcp 1723 DNAT net:213.67.241.162/32,217.209.46.204/32 loc:192.168.221.200 47 - And the the following happened.. and I wonder why it didn''t complain? I am sure I am just misunderstanding some doc

thanks again for your sharp eye and speedy response. i have corrected the typos in the IP in the masq file. I am sorry to have to ask for more help but my pc''s on the local network can''t reach the dmz webserver using the webserver''s local or Public IP address. I need to be able to do this in order to test the split DNS setup for the network. Using ethereal on the

Hopefully this is an easy question.... I''m using a leaf router (bearing) running shorewall. Three interfaces net, loc, and dmz. Only one computer in the dmz and its being proxy arp''d. External and internal (net and loc) can reach the dmz but the dmz cannot reach the isp''s gateway and beyond, but can reach a system adjacent to the firewall.

i am doing a clean install on fedora core 2 using the shorewall rpm and the Shorewall Setup Guide for multiple IP''s using a stock configuration except for AllowDNS and AllowWeb on the firewall (so i can post this message). my shorewall status file is attached. my setup 69.17.65.105 = firewall 69.17.65.22 = dmz server 1 69.17.65.161 = dmz server 2 my local network is

My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some

I have a heterogeneous network with a R.H. Linux server running Samba 3.0.5 and various Win clients (from Win 98 to Win XP Pro). On a Samba share I have an ISAM database (Access, FoxPro etc. like) that is being accessed by applications running on the Win clients and by applications running in Linux. I have disabled "opplocks" in both Win9x clients and on the Samba share. I have

Hello, I am having a issue with my Xen setup, that other people have reported as well. No one seems to have a solution to this problem or an idea what might cause it. My only hope is that I might get some more ideas here in the devel list. The basic problem is that if there is sustained high data rate traffic through a virtual interface, it seems that the queues fill up and the link

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

Hello, I am experimenting with Snort and other IDS and I would like to use Xen for these tests. This would require me to use port mirroring to sent a bunch of packets to a NIC located on my Xen machine. I don''t really know how Xen networking works, but is it possible to give a domU direct access to a NIC ? Or at least give it enough access so that it can see packets that are not for the

I have an access-IProm my isp that I configured my eth0 with. And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP. This is how my configfiles look like. Internal everything seems to work but not external. /etc/shorewall/proxyarp #ADDRESS INTERFACE EXTERNAL HAVEROUTE

Hi all; We have a Solaris 10 U9 x86 instance running on Silicon Mechanics / SuperMicro hardware. Occasionally under high load (ZFS scrub for example), the box becomes non-responsive (it continues to respond to ping but nothing else works -- not even the local console). Our only solution is to hard reset after which everything comes up normally. Logs are showing the following: Jan 8

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are