diff --git a/docs/Shorewall-4.xml b/docs/Shorewall-4.xml
index e5c6b5c22..2a2304bfd 100644
--- a/docs/Shorewall-4.xml
+++ b/docs/Shorewall-4.xml
@@ -271,6 +271,17 @@
4.0.5.
+
+
+ Shorewall-common 4.0.6
+
+ Shorewall-shell 4.0.5 - 4.0.6
+
+ Shorewall-perl 4.0.5 - 4.0.6
+ Shorewall-perl 4.0.6 also requires Shorewall-lite 4.0.5
+ or later.
+
+
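Review bot: The Shorewall-lite constraint added under the Shorewall-perl entry names only Shorewall-perl 4.0.6, while the entry itself covers "4.0.5 - 4.0.6", so a reader pairing Shorewall-common 4.0.6 with Shorewall-perl 4.0.5 cannot tell which Shorewall-lite versions are acceptable. Suggest either stating the requirement for both versions or saying explicitly that 4.0.5 carries no such constraint. The wording "also requires Shorewall-lite 4.0.5 or later" can also be read as making Shorewall-lite a mandatory install; if the intent is a minimum version for systems that already run Shorewall-lite, the sentence should say so.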
diff --git a/docs/XenMyWay-Routed.xml b/docs/XenMyWay-Routed.xml
index da6e44095..60bad440f 100644
--- a/docs/XenMyWay-Routed.xml
+++ b/docs/XenMyWay-Routed.xml
@@ -309,6 +309,56 @@ bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
+ Instructions for editing entries in the Xen 3.1 xend database may
+ be found at http://www.novell.com/documentation/vmserver/config_options/index.html?page=/documentation/vmserver/config_options/data/b8uh3zr.html,
+ The following are excerpts from the XML representations of the two user
+ domains (produced by "xm list -l …").
+
+ lists domain:
+ …
+ (features )
+ (on_xend_start start)
+ (on_xend_stop shutdown)
+ (start_time 1194710550.49)
+ …
+ (console_mfn 397179)
+ (device
+ (vif
+ (mac 00:16:3e:b1:d7:90)
+ (script vif-route)
+ (ip 206.124.146.177)
+ (vifname eth3)
+ (type netfront)
+ (devid 0)
+ (uuid 55676385-7b69-09fd-4027-751b692ead75)
+ )
+ )
+ (device
+ (vbd
+ …
+
+
+ test domain:
+ …
+ (console_mfn 418003)
+ (device
+ (vif
+ (uuid 64a1dd48-fa8b-7561-e90b-cd589cbeb7fa)
+ (script vif-route)
+ (ip 192.168.1.7)
+ (mac 00:16:3e:83:ad:28)
+ (vifname eth4)
+ (devid 0)
+ (type netfront)
+ (backend 0)
+ )
+ )
+ (device
+ (vbd
+…
+
+
With the three Xen domains up and running, the system looks as
shown in the following diagram.
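Review bot: The new introductory paragraph calls the excerpts "XML representations", but what follows is the parenthesised output of "xm list -l", not XML; suggest wording such as "excerpts from the configurations of the two user domains (as shown by "xm list -l …")". In the same paragraph the URL is followed by a comma before "The following are excerpts", which should be a full stop. The two vif excerpts also differ in that only the test domain shows "(backend 0)"; a word on whether that difference matters would help readers comparing their own entries.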
@@ -317,6 +367,24 @@ bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
The zones correspond to the Shorewall zones in the Dom0
configuration.
+ Readers who are paying attention will notice that eth4 has the
+ same public IP address (206.124.146.176) as eth0 (and eth3), yet the
+ test system connected to that interface
+ has an RFC 1918 address (192.168.1.7). That configuration is established
+ by Xen which clones the primary IP address of eth0 on all of the routed
+ virtual interfaces that it creates. test is configured with it's default route via
+ 192.168.1.254 which is the IP address of the firewall's br0. That works
+ because of the way that the Linux network stack treats local IPv4
+ addresses; by default, it will respond to ARP "who-has" broadcasts for
+ any local address and not just for the addresses on the interface that
+ received the broadcast (but of course the MAC address returned in the
+ "here-is" response is that of the interface that received the
+ broadcast). So when test broadcasts
+ "who-has 192.168.1.254", the firewall responds with "here-is
+ 192.168.1.254 00:16:3e:83:ad:28" (00:16:3e:83:ad:28 is the MAC of
+ virtual interface eth4).
+
Under some circumstances, UDP and/or TCP communication from a
DomU won't work for no obvious reason. That happened with the
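Review bot: The relocated paragraph explains the setup with "by default, it will respond to ARP "who-has" broadcasts for any local address" but never names the setting that default belongs to, so a reader who has tightened ARP handling on Dom0 has no way to know this routed configuration depends on it. Suggest naming the kernel's arp_ignore and arp_filter settings and stating that they must stay at their defaults on eth4 for test's default route via 192.168.1.254 to resolve. Since the paragraph is being moved anyway, "it's default route" should be corrected to "its default route".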
@@ -377,24 +445,6 @@ bootentry = 'hda2:/boot/vmlinuz-xen,/boot/initrd-xen'
by the DHCP server running in Dom0 and when they are attached
wirelessly, the IP address is assigned by OpenVPN.
- Readers who are paying attention will notice that eth4 has the
- same public IP address (206.124.146.176) as eth0 (and eth3), yet the
- test system connected to that interface
- has an RFC 1918 address (192.168.1.7). That configuration is established
- by Xen which clones the primary IP address of eth0 on all of the routed
- virtual interfaces that it creates. test is configured with it's default route via
- 192.168.1.254 which is the IP address of the firewall's br0. That works
- because of the way that the Linux network stack treats local IPv4
- addresses; by default, it will respond to ARP "who-has" broadcasts for
- any local address and not just for the addresses on the interface that
- received the broadcast (but of course the MAC address returned in the
- "here-is" response is that of the interface that received the
- broadcast). So when test broadcasts
- "who-has 192.168.1.254", the firewall responds with "here-is
- 192.168.1.254 00:16:3e:83:ad:28" (00:16:3e:83:ad:28 is the MAC of
- virtual interface eth4).
-
The Shorewall configuration files are shown below. All routing and
secondary IP addresses are handled in the OpenSuSE network
configuration.
diff --git a/docs/images/Xen4a.dia b/docs/images/Xen4a.dia
index c1a81f987..8e6ab554e 100644
Binary files a/docs/images/Xen4a.dia and b/docs/images/Xen4a.dia differ
diff --git a/docs/images/Xen4a.png b/docs/images/Xen4a.png
index a7a2f9361..f13ec1d6f 100755
Binary files a/docs/images/Xen4a.png and b/docs/images/Xen4a.png differ
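Review bot: The index line for docs/images/Xen4a.png shows mode 100755, so the image is committed with the executable bit set, while Xen4a.dia is 100644. A PNG has no reason to be executable; suggest clearing the bit so the file is stored as 100644, in this commit or a follow-up.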