>I am running Debian etch with shorewall 4.0.14-1 and Xen 3.2-1 on a
>2.6.18-6-xen-686 kernel. Xen is running natted and I'm trying to
>set up shorewall. I read the documentation that came closer to it
>(http://www.shorewall.net/XenMyWay-Routed.html) but I just can't get
>it to work.
>
>I have been using Shorewall for a while now and I thought that it
>would be the same as any natted environment I have set up but it's
>not. Is there any documentation floating around on the net
>regarding Shorewall and Xen natted?

Are you trying to do this in the Dom0 or a DomU? The bridging environment in the Dom0 is not friendly to firewalling, and I think common advice is not to try. In fact, I think Tom has previously said that he doesn't know of anyone who has managed to get firewalling+nat working in a Dom0!

I have put my firewall/router/nat in a DomU and made the external ethernet port available to it exclusively (by hiding the PCI device from Dom0). The DomU router then works 'normally', and the Dom0 (which is internal only) has no firewalling at all.

I have another Xen box (without NAT) I manage, and on that I've hand-crafted a bare minimum of iptables rules that simply protect the Dom0 itself and permit all other traffic. Each DomU is treated like a standalone box and does its own firewalling (with Shorewall).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
