Hello Tom
Hello dear Shorewall users.
Could someone help me to configure Shorewall to satisfy the following
scenario:
I've got an Ubuntu 10.04LTS server with eth0 and eth1 network interfaces acting
as a KVM virtual machine host.
Here's the "interfaces":

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual

#LAN iface
auto br0
iface br0 inet static
    address 192.168.0.6
    netmask 255.255.255.0
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    metric 0

# WAN iface 1
#auto eth1.7
iface eth1.7 inet manual
    vlan_raw_device eth1

auto br1-vlan7
iface br1-vlan7 inet static
    address 192.168.162.2
    netmask 255.255.255.248
    gateway 192.168.162.1
    bridge_ports eth1.7
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    metric 1

# WAN iface 2
iface eth1.23 inet manual
    vlan_raw_device eth1

auto br1-vlan23
iface br1-vlan23 inet static
    address 192.168.163.234
    netmask 255.255.255.240
    gateway 192.168.163.233
    bridge_ports eth1.23
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
    metric 2

# WAN iface 3 DNS
iface eth1.445 inet manual
    vlan_raw_device eth1

auto br1-vlan445
iface br1-vlan445 inet manual
    bridge_ports eth1.445
    bridge_stp on
    bridge_fd 1
    bridge_maxwait 0
    metric 0

There are 3 virtual machines running on the server currently...
br0 is in the LAN and acts as virt-manager only (should be accessible from the LAN
only)
br1-vlan7 connects to ISP1
br1-vlan23 to ISP2
br1-vlan445 bridges vlan 445 to the virtual machine interface with IP
192.168.162.162
Here's what IP ADDR gives:
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:30:48:57:e7:42 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::230:48ff:fe57:e742/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
4: br1-vlan7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.162.2/29 brd 192.168.162.7 scope global br1-vlan7
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:30:48:57:e7:42 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.6/24 brd 192.168.0.255 scope global br0
    inet6 fe80::230:48ff:fe57:e742/64 scope link
       valid_lft forever preferred_lft forever
6: eth1.7@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
7: br1-vlan23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.163.234/28 brd 192.168.163.239 scope global br1-vlan23
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
8: eth1.23@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
9: br1-vlan445: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
10: eth1.445@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:30:48:57:e7:43 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::230:48ff:fe57:e743/64 scope link
       valid_lft forever preferred_lft forever
11: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:ed:51:ae brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:feed:51ae/64 scope link
       valid_lft forever preferred_lft forever
12: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:b4:07:13 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:feb4:713/64 scope link
       valid_lft forever preferred_lft forever
16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:79:09:c2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe79:9c2/64 scope link
       valid_lft forever preferred_lft forever
17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:c5:cb:88 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fec5:cb88/64 scope link
       valid_lft forever preferred_lft forever

I wonder if it's possible to use Shorewall in the following scenario?
Gurus, please help!!!
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users