I have two physical Xenservers. Each one of them have two network cards and few virtual machines. On Xenserver1 I have a FreeBSD that acts as a router/firewall. The setup looks like this:
Xenserver1 / ---- xn0 Wan Public IP / Virtual FreeBSD1 \ \ ---- xn1 LAN IP 10.0.0.1 Virtual Machines on xen1 --- xn1 LAN IP 10.0.0.4-10 Xenserver2 Virtual Machines on xen2 --- xn1 LAN IP 10.0.0.11-20 All virtual machines from xen2 server can easily go through FreeBSD1 firewall out to the internet and back. But those from xen1 can't. When I create second firewall FreeBSD2 on xen2 like this: Xenserver2 / ---- xn0 Wan Public IP / Virtual FreeBSD2 \ \ ---- xn1 LAN IP 10.0.0.2 Virtual Machines on xen2 --- xn1 LAN IP 10.0.0.11-20 and change default routes of virtual machines on xen1 and xen2 to 10.0.0.2 (FreeBSD2) then virual machines on xen2 can't go out but those from xen1 can. Can somebody help me in this situation? I don't know what's wrong. The firewall/NAT doesn't work if the virtual hosts are on the same machine where firewall is. The funny thing is that ICMP packets are passing through, but ordinary traffic does not. Do I have to change something on Xenserver dom0 or PF firewall? -- Marko Lerota Sent from my GNU Emacs/Gnus Mailer _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-xen To unsubscribe, send any mail to "freebsd-xen-unsubscr...@freebsd.org"