Tweak Xen Docs

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4405 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-08-23 15:51:07 +00:00
parent 251d18e9b5
commit 09daf1bf84
2 changed files with 17 additions and 2 deletions

View File

@ -117,6 +117,13 @@
use Xen</ulink> is much more straight-forward.</para>
</caution>
<warning>
<para>I know of no case where a user has successfully used NAT
(including Masquerade) in a Xen Dom0. So if you want to create a
masquerading firewall/gateway using Xen, you need to do so in a DomU
(see <ulink url="XenMyWay.html">how I do it</ulink>).</para>
</warning>
<para>Here is an example. In this example, we will assume that the system
is behind a second firewall that restricts incoming traffic so that we
only have to worry about protecting the local LAN from the systems running
@ -254,4 +261,4 @@ Ping/ACCEPT dmz ursa</programlisting>
article.</para>
</section>
</section>
</article>
</article>

View File

@ -151,7 +151,7 @@
<listitem>
<para>The second DomU (Dom name <emphasis
role="bold">lists</emphasis>, DNS name lists.shorewall.net) is used as
a public Web/FTP/Mail/DNS serv</para>
a public Web/FTP/Mail/DNS server.</para>
</listitem>
</orderedlist>
@ -275,6 +275,14 @@ disk = [ 'phy:hda3,hda3,w' ]</programlisting>
<para>The zones correspond to the Shorewall zones in the firewall DomU
configuration.</para>
<note>
<para>If you want to run a simple NAT gateway in a Xen DomU, just omit
the second bridge (xenbr1), the second delegated interface, and the
second DomU from the above configuration. You can then install the
<ulink url="two-interface.htm">normal Shorewall two-interface sample
configuration</ulink> in the DomU.</para>
</note>
<caution>
<para>Under some circumstances, UDP and/or TCP communication from a
domU won't work for no obvious reason. That happened with the