holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Update Xen Documentation

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3479 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-02-12 16:11:41 +00:00
parent 936c5f90f4
commit ec7fa4adcb
2 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-docs2/MultiISP.xml
View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2006-01-02</pubdate> <pubdate>2006-02-06</pubdate>
<copyright> <copyright>
<year>2005</year> <year>2005</year>
@ -212,7 +212,7 @@
be tracked so that responses may be routed back out this be tracked so that responses may be routed back out this
same interface.</para> same interface.</para>
<para>You want specify 'track' if internet hosts will be <para>You want to specify 'track' if internet hosts will be
connecting to local servers through this provider. Any time connecting to local servers through this provider. Any time
that you specify 'track', you will also want to specify that you specify 'track', you will also want to specify
'balance' (see below).</para> 'balance' (see below).</para>

28
Shorewall-docs2/Xen.xml
View File

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2006-01-01</pubdate> <pubdate>2006-02-02</pubdate>
<copyright> <copyright>
<year>2006</year> <year>2006</year>
@ -110,6 +110,17 @@
run at shorewall.net</ulink>.</para> run at shorewall.net</ulink>.</para>
</note> </note>
<section>
<title>/etc/shorewall/shorewall.conf</title>
<para>Because Xen uses normal Linux bridging, you must enable bridge
support in shorewall.conf</para>
<blockquote>
<programlisting>BRIDGING=Yes</programlisting>
</blockquote>
</section>
<section> <section>
<title>/etc/shorewall/zones</title> <title>/etc/shorewall/zones</title>
@ -119,8 +130,8 @@
<filename class="devicefile">xenbr0:vif0.0</filename>. In this case, I <filename class="devicefile">xenbr0:vif0.0</filename>. In this case, I
call this second zone <emphasis role="bold">ursa</emphasis> (which is call this second zone <emphasis role="bold">ursa</emphasis> (which is
the name given to the virtual system running in Domain 0); that zone the name given to the virtual system running in Domain 0); that zone
corresponds roughly to what is shown as the Extended Domain 0 corresponds to Domain 0 as seen from the outside in the diagram above
above.</para> (see more <link linkend="zones">below</link>).</para>
<blockquote> <blockquote>
<programlisting># OPTIONS OPTIONS <programlisting># OPTIONS OPTIONS
@ -216,10 +227,17 @@ Ping/ACCEPT dmz ursa</programlisting>
<para>Here, 192.168.0.0/22 comprises my local network.</para> <para>Here, 192.168.0.0/22 comprises my local network.</para>
<para>From the point of view of Shorewall, the zone diagram is as shown <para id="zones">From the point of view of Shorewall, the zone diagram
in the following diagram.</para> is as shown in the following diagram.</para>
<graphic align="center" fileref="images/Xen2.png" /> <graphic align="center" fileref="images/Xen2.png" />
<para>Note that the <emphasis role="bold">ursa</emphasis> zone subsumes
the <emphasis role="bold">fw</emphasis> zone because the <emphasis
role="bold">ursa</emphasis> zone is defined to be all systems that
interface to xenbr0's vif0.0 port — it is the rules governing traffic
to/from the <emphasis role="bold">ursa</emphasis> zone that protect the
firewall in this configuration.</para>
</section> </section>
</section> </section>
</article> </article>