I think he's trying to run a routing machine in a domU, much like I am
currently (successfully!) doing, doing proxyarp between eth0 and another
interface (in my case, tun0).
The answer to your question is Yes - for all intents and purposes the Xen
bridge should behave just like a real, physical ethernet switch. I advise
you to be careful of your routing, though - because you'll no doubt be
proxyarping addresses from the same subnet as the domUs run on, if you're
not careful you could end up sending packets destined for other domUs over
your other interface (e.g. tun0). This would cause weird, annoying issues with
being unable to ping your other machines in the Xen bridge, but this is more
of a general pitfall of not doing routing properly than a Xen-specific
issue.
Although please let me know if you're trying to do something different - on
rereading the question it sounds like you're trying to use a domU as a
shorewall machine doing proxyarp for other domUs (and presumably do
port-based filtering or something to control the traffic that ends up at
them). This sort of thing would be *much* easier to do in the dom0, in my
opinion.
Please rephrase the question and provide a diagram :-)
Thanks,
Jan
On 15/06/07, Tom Eastep <[EMAIL PROTECTED]> wrote:
Lars E. D. Jensen wrote:
> Hello list
>
> I'm considering moving shorewall to a xen domu and then using the Proxy ARP
> method (we use NAT today).
>
> Is it possible to have a Proxy ARP firewall inside a domu serving requests
> to other domus with public IP-addresses placed on separate hardware (not the
> hardware the domu with the firewall is on) ?
I don't understand the question. Can you draw us a diagram?
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
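
The routing pitfall described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match check that flags bridge-local domU addresses whose route would leave via the tunnel instead. The addresses, the two routing tables and the function names are constructed for illustration; only the interface names eth0 and tun0 come from the message.

```python
import ipaddress

def egress(routes, dest):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def misrouted(routes, expected):
    """List (host, wanted_dev, actual_dev) where the table disagrees with intent."""
    return [(h, want, egress(routes, h))
            for h, want in sorted(expected.items())
            if egress(routes, h) != want]

# Constructed sample: domUs on the Xen bridge (eth0) share 192.0.2.0/24 with
# two hosts reached over tun0 and proxy-ARPed on eth0.
EXPECTED = {
    "192.0.2.10": "eth0",   # domU on the bridge
    "192.0.2.130": "eth0",  # domU on the bridge
    "192.0.2.200": "tun0",  # proxy-ARPed host behind the tunnel
    "192.0.2.201": "tun0",  # proxy-ARPed host behind the tunnel
}

# Careless table: a whole /25 of the shared subnet is pointed at the tunnel.
BROAD = [("192.0.2.0/24", "eth0"), ("192.0.2.128/25", "tun0")]

# Careful table: one host route per proxy-ARPed address.
HOST_ROUTES = [("192.0.2.0/24", "eth0"),
               ("192.0.2.200/32", "tun0"),
               ("192.0.2.201/32", "tun0")]

if __name__ == "__main__":
    for name, table in (("broad", BROAD), ("host routes", HOST_ROUTES)):
        print(name, misrouted(table, EXPECTED))
```

With the broad table, the domU at 192.0.2.130 is sent out tun0 and becomes unreachable from the firewall domU, which is the symptom the reply describes; the per-host table reports no mismatches.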
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users