Teo En Ming wrote:
>I have a 64-bit server running RHEL 5 x86-84 Xen Virtualization.
>There are 6 NICs in this Xen Host.
>
>The interface names in Dom 0 are:
>
>eth0 - xenbr0 - reserved for Dom 0 Host Management Administration
>eth1 - xenbr1 - reserved for Virtual Machine #1
>eth2 - xenbr2 - reserved for Virtual Machine #2
>eth3 - xenbr3 - reserved for Virtual Machine #3
>eth4 - xenbr4 - reserved for Virtual Machine #4
>eth5 - xenbr5 - reserved for Virtual Machine #5
>
>How should I configure shorewall in this case of multiple nics, each
>nic being dedicated to a Virtual Machine?

You have two main options:

1) You could run shorewall in the Dom-0 and configure policies/rules as required.

2) You don't bother trying to filter at the Dom-0 bridge level, but instead run Shorewall on each VM - and that simply means using the single interface config examples. Each VM will simply have a single 'eth0' and the single interface config examples should work without modification.

I would do the latter, it's far easier to set up, plus your firewalling is configured per VM and it's easier than keeping track of firewall rules running on a 'machine' that is different to the machine the services are hosted on.

As for protecting the Dom-0, you can again run Shorewall and follow the single interface examples - just using eth0 and not assigning IP addresses to any of the vif0.n interfaces.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
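
The single-interface layout the reply recommends for each VM (and for Dom-0 on eth0), as an added example that is not part of the original thread or the Shorewall project's own samples. It assumes the guest serves SSH and HTTP, uses the classic column layout with a BROADCAST column, and stages the files in a hypothetical review directory instead of writing to /etc/shorewall.

```shell
#!/bin/sh
# Added example: stage a single-interface Shorewall config for one guest.
# Assumptions (not from the thread): services are SSH and HTTP; the target
# directory is a staging area to be reviewed before copying to /etc/shorewall.
write_single_iface_config() {
    dir=$1
    mkdir -p "$dir" || return 1

    # Two zones only: the firewall itself and everything behind eth0.
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
EOF

    # One interface; anti-spoofing and sanity options enabled.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs,logmartians
EOF

    # Default-deny inbound, allow outbound, reject and log anything else.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # Explicit exceptions to the inbound DROP policy (assumed services).
    cat > "$dir/rules" <<'EOF'
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  net     $FW     tcp     22
ACCEPT  net     $FW     tcp     80
ACCEPT  net     $FW     icmp    8
EOF
}
# Usage: write_single_iface_config ./shorewall-vm1
```

After copying the staged files into place on the guest, `shorewall check` validates them before the firewall is started.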
