Hi, I have to make the kind of network shown in this picture:
www.bugone.com/rete2.jpg
I thought the better way is bridging... any suggestions or ideas?

Enrico

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
So it's better to setup xend to use network-route script?

Philipp Jäggi wrote:
>I would take the network-route for the wireless lan stuff and the network
>nat on the firewall for every outgoing traffic, just to hide your
>configuration. With your bridge in the front, everyone can see your whole
>network config with a normal sniffer, which really is a security issue....
>
>But it's almost impossible to find good documentation about the nat and
>route stuff.
>
>Probably this mail thread can help you to get an idea about the problems of
>such a configuration.
>
>http://lists.xensource.com/archives/html/xen-users/2005-08/msg00340.html
>
>Hope this helps a little bit.
>
>bye Philipp
>
>Philipp Jäggi
>SNCT Sandweiler
>
>"bugone82@hotmail.com"
>Sent by: xen-users-bounces@lists.xensource.com
>03/07/2006 05:24 PM
>To: xen-users@lists.xensource.com
>Subject: [Xen-users] xen network
>
>Hi, i have to make the kind of network show in this picture
>www.bugone.com/rete2.jpg
>i thought the better way is bridging... any suggestions or ideas?
>
>Enrico
_______________________________________________
BugOne S <bugone82@hotmail.com> wrote:
> So it's better to setup xend to use network-route script?

In my experience it's much better because it doesn't f--k up your OS's
networking scripts in dom0 by renaming devices.

(I'm on Gentoo. The network-bridge script would randomly [depending
on the assigned IP address / subnet] cause dom0 to have no network
connectivity.)

I've made my own networking script for creating the bridges like I
want them which DOESN'T rename any interfaces.
_______________________________________________
Could you post script, routing and iptables rules here please? So those who
don't know how to do it (like me :P) can learn something new...

Do you think I can create a bridge for connecting eth2 of the firewall with
eth0 of openvpn and eth0 of ldap? (www.bugone.com/rete2.jpg)
Or which is the best way to recreate that working configuration?

Enrico

>From: "Molle Bestefich" <molle.bestefich@gmail.com>
>To: "BugOne S" <bugone82@hotmail.com>
>CC: xen-users@lists.xensource.com
>Subject: Re: [Xen-users] xen network
>Date: Wed, 8 Mar 2006 11:33:42 +0100
>
>BugOne S <bugone82@hotmail.com> wrote:
> > So it's better to setup xend to use network-route script?
>
>In my experience it's much better because it doesn't f--k up your OS's
>networking scripts in dom0 by renaming devices.
>
>(I'm on Gentoo. The network-bridge script would randomly [depending
>on the assigned IP address / subnet] cause dom0 to have no network
>connectivity.)
>
>I've made my own networking script for creating the bridges like I
>want them which DOESN'T rename any interfaces.
_______________________________________________
Enrico / BugOne S <bugone82@hotmail.com> wrote:
> could you post script,

Sure. Attached.
(It's just copy/paste from the other networking scripts.)

> routing

I'm bridging.

> and iptables rules here please?

Not using iptables.

> (www.bugone.com/rete2.jpg)

Curious; which application did you use to create that JPEG?

> Do you think i can create a bridge for connecting eth2 of the firewall with
> eth0 of openvpn and eth0 of ldap?

Can't see why not.

You can specify which particular bridge the VIF of each domU should be
attached to in the domU config file. There's a bit of documentation
in xend-config.sxp, AFAIR, and probably also in the "xmexample<blah>"
config files.

I haven't tried doing that, but then again I haven't actively broken
it in the network-manual script attached. So you *should* be able to
have Xen *NOT* rename your dom0 interfaces and have your domU vif's
attached to whatever bridges necessary using that script.

That should ensure that your dom0 /etc/init.d/net* scripts continue to
work (and your machine has network access after reboots etc.) and that
your domUs are set up as per your wishes when you start them.

> Or which is the best way for recreate that working configuration?

Can't say, haven't much experience with Xen.
_______________________________________________
I used Network Notepad for Windows... it is freeware software for drawing
network configurations.

Now my configuration is this: www.bugone.com/rete3.jpg
I created 2 additional bridges for isolating the 2 subnets... it seems to
work :)
Tomorrow I'll test it better.

Enrico
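
The thread describes attaching each domU VIF to a chosen bridge in the domU config file and using two extra bridges to isolate two subnets. The audit below is an added example, not code from any poster in the thread: it reads domU configs without executing them and reports any guest other than the firewall that sits on more than one bridge, since such a guest would join segments the firewall is meant to separate. The guest names, bridge names, MAC address, the `xenbr0` default and the config contents are constructed assumptions, because the network diagram is not reproduced on the page.

```python
import ast
from collections import defaultdict

# Constructed sample domU configs (xm config files use Python syntax).
# Guest and bridge names are assumptions, not taken from the thread's diagram.
SAMPLE_CONFIGS = {
    "firewall": "vif = ['bridge=xenbr0', 'bridge=xenbr-lan', 'bridge=xenbr-dmz']\n",
    "openvpn": "vif = ['mac=00:16:3e:00:00:02, bridge=xenbr-dmz']\n",
    "ldap": "vif = ['bridge=xenbr-dmz']\n",
    "web": "vif = ['bridge=xenbr-lan', 'bridge=xenbr-dmz']\n",  # misconfigured on purpose
}

def vif_bridges(config_text, default_bridge="xenbr0"):
    """Return the bridge of each VIF, parsed without executing the config."""
    for node in ast.parse(config_text).body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "vif" for t in node.targets):
            bridges = []
            for spec in ast.literal_eval(node.value):
                opts = dict(kv.strip().split("=", 1)
                            for kv in spec.split(",") if "=" in kv)
                # Assumption: a VIF with no bridge= key lands on default_bridge.
                bridges.append(opts.get("bridge", default_bridge))
            return bridges
    return []

def audit(configs, allowed_multihomed=("firewall",)):
    """Map bridge -> guests, and list guests that span bridges but should not."""
    members, violations = defaultdict(list), []
    for guest, text in configs.items():
        bridges = vif_bridges(text)
        for bridge in bridges:
            members[bridge].append(guest)
        if len(set(bridges)) > 1 and guest not in allowed_multihomed:
            violations.append((guest, sorted(set(bridges))))
    return dict(members), violations

if __name__ == "__main__":
    members, violations = audit(SAMPLE_CONFIGS)
    for bridge, guests in sorted(members.items()):
        print(f"{bridge}: {', '.join(guests)}")
    for guest, bridges in violations:
        print(f"VIOLATION: {guest} spans {bridges}")
```
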