Hi * in xend-config.xsp I have: ******************************** (network-script network-route) (vif-bridge xen-br0) (vif-script vif-bridge) ******************************** and in /etc/network/interfaces ********************************* iface eth0 inet static address 0.0.0.0 auto xen-br0 iface xen-br0 inet static pre-up ifconfig eth0 up pre-up brctl addbr xen-br0 pre-up brctl addif xen-br0 eth0 address xxx.xxx.xxx.xx netmask xxx.xxx.xxx.xxx gateway xxx.xxx.xxx.xx bridge_fd 0 bridge_hello 0 bridge_stp off ********************************* I''m trying to configure shorewall on this machine: /etc/shorewall/interfaces: *************************************************** net eth0 detect routeback - xen-br0 - - *************************************************** /etc/shorewall/zones: *************************************************** fw firewall #Domain 0 xen ipv4 #Domain 0 on the bridge dmz ipv4 #other domains net ipv4 *************************************************** /etc/shorewall/hosts: *************************************************** ursa xen-br0:vif0.0 dmz xen-br0:vif+ net xen-br0:peth0 *************************************************** So, the problem is that I don''t have peth0 (maybe because i''m using network-route). In fact, If I try to contact dom0 or any domU, in the log I see: Shorewall:FORWARD:REJECT:IN=xen-br0 OUT=xen-br0 PHYSIN=eth0 PHYSOUT=vif1.0 How can I intercept packet from eth0 in this case? :(( the "net" interface seems to ignore eth0 -- Davide Corio davide.corio@redomino.com Redomino S.r.l. C.so Monte Grappa 90/b - 10145 Torino - Italy Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/ _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Wednesday 15 March 2006 06:20, Davide Corio wrote:> > So, the problem is that I don''t have peth0 (maybe because i''m using > network-route). > In fact, If I try to contact dom0 or any domU, in the log I see: > > Shorewall:FORWARD:REJECT:IN=xen-br0 OUT=xen-br0 PHYSIN=eth0 > PHYSOUT=vif1.0 > > How can I intercept packet from eth0 in this case? :(( > the "net" interface seems to ignore eth0There is Xen documentation on the Shorewall site. Look in the Shorewall 3.x Documentation Index under ''Xen''. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Seemingly Similar Threads
- Shorewall and Xen with network-dummy
- Shorewall/Xen setup (correct from-address this time)
- [Bridge] single briged network internet access problems
- Port forwarding from non-xenbridged external interface to xen-interface
- Bridging problem with Shorewall and OpenVpn