Daily hacking on Xen My Way

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3732 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/XenMyWay.xml

@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2006-03-23</pubdate>
+    <pubdate>2006-03-24</pubdate>
 
     <copyright>
       <year>2006</year>
@@ -126,14 +126,17 @@
       </listitem>
     </itemizedlist>
 
-    <para>There are four Xen domains. Dom0 (ursa) is used as a file server.
-    The first DomU is used as a firewall; the second DomU (lists) is used as a
-    public Web/FTP/Mail/DNS server while the third DomU (wireless, normally
-    Domain 3) is used as a gateway to our wireless network. A seperate
-    wireless gateway is necessary because Xen 3 only supports three virtual
-    interfaces per DomU and the firewall DomU already has three interfaces.
-    Shorewall runs in Dom0, in the firewall domain and in the wireless
-    gateway.</para>
+    <para>There are four Xen domains. Dom0 (ursa.shorewall.net) is used as a
+    file server (NFS and Samba). The first DomU (Dom name <emphasis
+    role="bold">firewall</emphasis>, gateway.shorewall.net) is used as our
+    main firewall; the second DomU (Dom name <emphasis
+    role="bold">lists</emphasis>, lists.shorewall.net) is used as a public
+    Web/FTP/Mail/DNS server while the third DomU (Dom name <emphasis
+    role="bold">wireless</emphasis>, wireless.shorewall.net) is used as a
+    gateway to our wireless network. A seperate wireless gateway is necessary
+    because Xen 3 only supports three virtual interfaces per DomU and the
+    firewall DomU already has three interfaces. Shorewall runs in Dom0, in the
+    firewall domain and in the wireless gateway.</para>
 
     <section id="Domains">
       <title>Domain Configuration</title>
@@ -153,13 +156,13 @@
     module /boot/vmlinuz-xen root=/dev/hda2 vga=0x31a selinux=0    resume=/dev/hda1  splash=silent showopts loopback.nloopbacks=1
     module /boot/initrd-xen</programlisting>
 
-        <para><filename>/etc/xen/auto/01-gateway</filename> — configuration
+        <para><filename>/etc/xen/auto/01-firewall</filename> — configuration
         file for the firewall domain</para>
 
         <programlisting>#  -*- mode: python; -*-
 
 # configuration name:
-name     = "gateway"
+name     = "firewall"
 
 # usable ram:
 memory   = 256
@@ -181,13 +184,13 @@ hostname = name
 # storage devices:
 disk     = [ 'phy:hdb2,hdb2,w' ]</programlisting>
 
-        <para><filename>/etc/xen/auto/02-server</filename> — configuration
-        file for the lists domain</para>
+        <para><filename>/etc/xen/auto/02-lists</filename> — configuration file
+        for the lists domain</para>
 
         <programlisting>#  -*- mode: python; -*-
 
 # configuration name:
-name     = "server"
+name     = "lists"
 
 # usable ram:
 memory   = 512
@@ -249,7 +252,7 @@ disk     = [ 'phy:hdb4,hdb4,w' ]</programlisting>
 
       <para>SuSE 10.0 includes Xen 3.0 which does not support PCI delegation;
       I therefore use a bridged configuration with four bridges (one for each
-      network interface). When Shorewall starts during boot of Dom0, it
+      network interface). When Shorewall starts during bootup of Dom0, it
       creates the four bridges using this
       <filename>/etc/shorewall/init</filename> extension script:</para>
 
@@ -373,7 +376,7 @@ SECTION NEW
       <blockquote>
         <para>/etc/shorewall/shorewall.conf:</para>
 
-        <programlisting>TARTUP_ENABLED=Yes
+        <programlisting>STARTUP_ENABLED=Yes
 VERBOSITY=0
 LOGFILE=/var/log/firewall
 LOGFORMAT="Shorewall:%s:%s:"
@@ -475,8 +478,6 @@ OMAK=&lt;IP address at our second home&gt;
 
         <programlisting>echo 1 &gt; /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal</programlisting>
 
-        <para><filename>/</filename></para>
-
         <para><filename>/etc/shorewall/interfaces</filename>:</para>
 
         <programlisting>#ZONE   INTERFACE       BROADCAST               OPTIONS
@@ -490,11 +491,11 @@ vpn     tun+            -
 
         <programlisting>#EXTERNAL               INTERFACE       INTERNAL        ALL             LOCAL
 #                                                       INTERFACES
-206.124.146.178         $EXT_IF         192.168.1.5     No              No
+206.124.146.178         $EXT_IF         192.168.1.3     No              No
 206.124.146.180         $EXT_IF         192.168.1.6     No              No
 #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</programlisting>
 
-        <para><filename>/etc/shorewall/masq (Note the cute drick here and in
+        <para><filename>/etc/shorewall/masq (Note the cute trick here and in
         the <filename>proxyarp</filename> file that follows that allows me to
         access the DSL "Modem" using it's default IP address
         (192.168.1.1))</filename>:</para>