Hi, I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN for virtualizes my Firewall (based on IP-COP) on the same machine. The problem now is hat XEN associates always eth0 of domU with my NIC (eth0) on dom0. When I want to use my dom0 as DMZ host, I have to associate eth0 in my dom0 with eth1 in my domU as shown below. The eth0 in my domU should be a physical interface in my system. Dom0 domU Eth0 <---> eth1 eth0 <---> Physical Interface (00:13.0) How can I configure XEN''s network in this way? Thanks, Mike _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN for virtualizes my Firewall (based on IP-COP) on the same machine. The problem now is hat XEN associates always eth0 of domU with my NIC (eth0) on dom0. When I want to use my dom0 as DMZ host, I have to associate eth0 in my dom0 with eth1 in my domU as shown below. The eth0 in my domU should be a physical interface in my system. Dom0 domU Eth0 <---> eth1 eth0 <---> Physical Interface (00:13.0) How can I configure XEN''s network in this way? Thanks, Mike _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi, I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN for virtualizes my Firewall (based on IP-COP) on the same machine. The problem now is hat XEN associates always eth0 of domU with my NIC (eth0) on dom0. When I want to use my dom0 as DMZ host, I have to associate eth0 in my dom0 with eth1 in my domU as shown below. The eth0 in my domU should be a physical interface in my system. Dom0 domU Eth0 <---> eth1 eth0 <---> Physical Interface (00:13.0) How can I configure XEN''s network in this way? Thanks, Mike _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Michael WALSER wrote:> Hi, > > I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN for > virtualizes my Firewall (based on IP-COP) on the same machine. > The problem now is hat XEN associates always eth0 of domU with my NIC (eth0) > on dom0. > When I want to use my dom0 as DMZ host, I have to associate eth0 in my dom0 > with eth1 in my domU as shown below. The eth0 in my domU should be a > physical interface in my system. > > Dom0 domU > Eth0 <---> eth1 > eth0 <---> Physical Interface > (00:13.0) > > > How can I configure XEN''s network in this way?If I understand you right, you cannot do this (yet) in xen-unstable (pre-3.0). We do not support physical PCI devices in domU at this time. thanks, Nivedita _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Michael, there was a long thread "Ideal(istic) xen firewall design" on this list which discussed many aspects of these designs. Have a look at the archives. Dirk Michael WALSER schrieb:>Hi, > >I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN for >virtualizes my Firewall (based on IP-COP) on the same machine. >The problem now is hat XEN associates always eth0 of domU with my NIC (eth0) >on dom0. >When I want to use my dom0 as DMZ host, I have to associate eth0 in my dom0 >with eth1 in my domU as shown below. The eth0 in my domU should be a >physical interface in my system. > >Dom0 domU >Eth0 <---> eth1 > eth0 <---> Physical Interface >(00:13.0) > > >How can I configure XEN''s network in this way? > >Thanks, >Mike > > >_______________________________________________ >Xen-users mailing list >Xen-users@lists.xensource.com >http://lists.xensource.com/xen-users > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> Hi Michael, > > there was a long thread "Ideal(istic) xen firewall design" on this list > which discussed many aspects of these designs. > > Have a look at the archives. > > Dirk >Thanks, I read the Thread. But my problem is not so complicated, I Think. I did it like Markus: --> 2 Network-Interfaces (all 2 hidden from dom0 and configured in domU (PCI-Entry in the Config File (etc/xen/ipcop)) --> 1 (Default Configured) Ethernet-Bride on XEN (2.0.7 Stable) (eth0) should be the DMZ-Connection (eth1 in the domU). How can I modify the Interface Numbers. Everything works fine, but the IPCOP scripts are written as so that eth0 is always the LAN-Interface, but the Bridge to the DOM0 should have eth1 instead of eth0, because dom0 should be my DMZ-Host. That means that I do not change the Bridge-Configuration or anything like that. I only want to change the name of the interfaces EHT0 <--> ETH1. But I cannot Modify ETH0 cause it is fixed in domU. What do I have to change to give the "Bridge" the name eth1 and one of the configured NICs eth0. Michael> Michael WALSER schrieb: > > >Hi, > > > >I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN > for > >virtualizes my Firewall (based on IP-COP) on the same machine. > >The problem now is hat XEN associates always eth0 of domU with my NIC > (eth0) > >on dom0. > >When I want to use my dom0 as DMZ host, I have to associate eth0 in my > dom0 > >with eth1 in my domU as shown below. The eth0 in my domU should be a > >physical interface in my system. > > > >Dom0 domU > >Eth0 <---> eth1 > > eth0 <---> Physical Interface > >(00:13.0) > > > > > >How can I configure XEN''s network in this way? > > > >Thanks, > >Mike > > > > > >_______________________________________________ > >Xen-users mailing list > >Xen-users@lists.xensource.com > >http://lists.xensource.com/xen-users > > > > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Michael and Dirk This is determined by the order of the interfaces in the config file: eg: my /etc/xen/Firewall includes pci = [''00,0b,0'', ''00,0a,0'' ] nics=11 vif = [ ''mac=aa:00:00:00:22:01, bridge=br10'', \ ''mac=aa:00:00:25:40:01, bridge=xen-br0'', \ ''mac=aa:00:00:25:40:09, bridge=br1'', \ ''mac=aa:00:00:25:40:17, bridge=br2'', \ ''mac=aa:00:00:25:40:25, bridge=br3'', \ ''mac=aa:00:00:25:40:33, bridge=br4'', \ ''mac=aa:00:00:25:40:49, bridge=br5'', \ ''mac=aa:00:00:25:40:45, bridge=br6'', \ ''mac=aa:00:00:25:40:73, bridge=br7'', \ ''mac=aa:00:00:25:40:81, bridge=br8'', \ ''mac=aa:00:00:25:40:97, bridge=br9'' ] This makes the xen-br0 that you''re referring to appear as eth3 in Firewall. I _assume_ that putting the pci entry after the vif statement would result in xen-br0 becoming eth1. (untested)>From memory you can change the order in IPCop itself by editing/var/ipcop/ethernet/settings but as I don''t have a running version atm I can''t confirm that either ;) Marcus. Michael WALSER wrote:>>Hi Michael, >> >>there was a long thread "Ideal(istic) xen firewall design" on this list >>which discussed many aspects of these designs. >> >>Have a look at the archives. >> >>Dirk >> > > Thanks, I read the Thread. But my problem is not so complicated, I Think. > I did it like Markus: > --> 2 Network-Interfaces (all 2 hidden from dom0 and configured in domU > (PCI-Entry in the Config File (etc/xen/ipcop)) > --> 1 (Default Configured) Ethernet-Bride on XEN (2.0.7 Stable) (eth0) > should be the DMZ-Connection (eth1 in the domU). > > How can I modify the Interface Numbers. Everything works fine, but the IPCOP > scripts are written as so that eth0 is always the LAN-Interface, but the > Bridge to the DOM0 should have eth1 instead of eth0, because dom0 should be > my DMZ-Host. > > That means that I do not change the Bridge-Configuration or anything like > that. I only want to change the name of the interfaces EHT0 <--> ETH1. > But I cannot Modify ETH0 cause it is fixed in domU. > > What do I have to change to give the "Bridge" the name eth1 and one of the > configured NICs eth0. > > Michael > > > > >>Michael WALSER schrieb: >> >> >>>Hi, >>> >>>I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN >> >>for >> >>>virtualizes my Firewall (based on IP-COP) on the same machine. >>>The problem now is hat XEN associates always eth0 of domU with my NIC >> >>(eth0) >> >>>on dom0. >>>When I want to use my dom0 as DMZ host, I have to associate eth0 in my >> >>dom0 >> >>>with eth1 in my domU as shown below. The eth0 in my domU should be a >>>physical interface in my system. >>> >>>Dom0 domU >>>Eth0 <---> eth1 >>> eth0 <---> Physical Interface >>>(00:13.0) >>> >>> >>>How can I configure XEN''s network in this way? >>> >>>Thanks, >>>Mike_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Markus,> I _assume_ that putting the pci entry after the vif statement would result > in xen-br0 becoming eth1. (untested) >Sorry, but this option take no effect in my configuration. (tested)> >From memory you can change the order in IPCop itself by editing > /var/ipcop/ethernet/settings > but as I don''t have a running version atm I can''t confirm that either ;) >Nice idea! Everything works fine now. I only changed the two strings eth0 and eth1 in the config files. Thank you very much :-)) Michael _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On 10/27/05, Michael WALSER <michael.walser@aon.at> wrote:> > Hi, > > I''m running RedHat Enterprise Linux 4 (RHEL4) on my Server and I use XEN > for > virtualizes my Firewall (based on IP-COP) on the same machine. > The problem now is hat XEN associates always eth0 of domU with my NIC > (eth0) > on dom0. > When I want to use my dom0 as DMZ host, I have to associate eth0 in my > dom0 > with eth1 in my domU as shown below. The eth0 in my domU should be a > physical interface in my system. > > Dom0 domU > Eth0 <---> eth1 > eth0 <---> Physical Interface > (00:13.0) > > > How can I configure XEN''s network in this way?In short - assuming you use default settings.. * Remove dom0''s eth0 and domU''s eth1 from default bridge xen-br0. * Create a new bridge and attach dom0''s eth0 and domU''s eth1 to it. Assign ip address accordingly either to the new bridge or the dom0''s eth0. * Leave domU''s eth0 on the default bridge xen-br0 for outside network access. Thanks,> Mike > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >-- benjamin rualthanzauva _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users