OK, I finally managed to figure out what was going haywire in my Xen configuration. It turns out that if you have a routed Xen setup and are using a non-default network interface in dom0 (i.e., something other than eth0), you need to explicitly pass the interface name (via a netdev= parameter) to BOTH network-route AND vif-route. I hadn't realized it was necessary to give the netdev= parameter to vif-route.
After adding this parameter, I was able to set up Shorewall to do SNAT on outbound connections from my domU's (absolutely essential if they were going to be able to connect out to the Internet). Hopefully this tidbit of knowledge can be mentioned in some FAQ's and how-to's, so other people won't need to suffer the way I did (and perhaps just give up like I almost did). -- Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED] http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
