From: Kurt Neufeld
Subject: Re: howto set up a virtual firewall?
Date: Mon, 25 Feb 2008 20:23:47 +0000 (UTC)
References: <47BC2B85.7080404@burgundywall.com> <47BC2EA1.600@qumranet.com> <47BD1745.5080707@burgundywall.com>
To: kvm-devel@lists.sourceforge.net

Kurt Neufeld burgundywall.com> writes:

>
> It turns out I did have everything correctly configured but it still
> doesn't work. The problem is that I cannot get a DHCP address on my vm.

Almost correctly.

> Some general questions, should br0 be up or down? What should my vm MAC
> be? The same as my physical card (peth) which is also the same as the
> bridge (br0)? The vnet0 does not match. (output later)

br0 needs to be up. peth0 should have a different mac address. Found out this
breakthrough on a Xen page: http://wiki.xensource.com/xenwiki/XenNetworking

So I got it working and life is now good. Here's my rc.local script (which will
probably change slightly as I refine what I'm trying to accomplish).

rc.local:

ifdown br0
ip link set peth0 down
ip link set peth0 address 00:ff:ff:ff:ff:00 arp off
ifup peth0
sleep 1
ifup br0 # but with no ip address, new mac address
route add default gw 192.168.5.254

iptables -P FORWARD DROP
iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

service libvirtd start

::::::::::::::
ifcfg-br0
::::::::::::::
DEVICE=br0
BOOTPROTO=none
ONBOOT=yes
TYPE=bridge
MACADDR=fe:ff:ff:ff:ff:00 # doesn't work unfortunately

::::::::::::::
ifcfg-peth0
::::::::::::::
# 3Com Corporation 3c900B-TPO Etherlink XL [Cyclone]
DEVICE=peth0
HWADDR=00:50:04:7F:B5:A3
ONBOOT=yes
BRIDGE=br0

So over the weekend I got a virtual smoothwall firewall up and running and also
a virtual CentOS 5 mail and http server. I can now upgrade my "desktop" with
virtual impunity.

Thanks team.
Kurt
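
Added example, not part of the original message or of any project's code: a pre-flight check for the two conditions the message identifies (br0 up, peth0 carrying a MAC different from the guest's), run over `ip -o link show` output. The function names, the sample output and the assumption that the firewall guest uses the card's original MAC (the HWADDR value above) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o link show` output (not captured from the poster's host).
# In -o mode each interface is one line and the inner newline is printed as "\".
SAMPLE_LINKS='2: peth0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP\    link/ether 00:ff:ff:ff:ff:00 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP\    link/ether 00:ff:ff:ff:ff:00 brd ff:ff:ff:ff:ff:ff
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN\    link/ether fe:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff'

# link_mac TEXT IFNAME -> prints the interface MAC in lower case (empty if not found)
link_mac() {
    printf '%s\n' "$1" | awk -v dev="$2:" '
        $2 == dev { for (i = 3; i < NF; i++)
                        if ($i == "link/ether") { print tolower($(i + 1)); exit } }'
}

# link_is_up TEXT IFNAME -> exit 0 only if the flag list contains UP (LOWER_UP alone does not count)
link_is_up() {
    printf '%s\n' "$1" | awk -v dev="$2:" '
        $2 == dev && $3 ~ /[<,]UP[,>]/ { ok = 1 }
        END { exit !ok }'
}

# check_bridge TEXT BRIDGE UPLINK GUEST_MAC -> exit 0 if the layout matches the message
check_bridge() {
    guest=$(printf '%s' "$4" | tr 'A-F' 'a-f')
    mac=$(link_mac "$1" "$3")
    rc=0
    link_is_up "$1" "$2" || { echo "FAIL: $2 is not up"; rc=1; }
    [ -n "$mac" ] || { echo "FAIL: $3 not found"; rc=1; }
    # Assumption: "different mac address" means different from the MAC the guest uses.
    [ "$mac" != "$guest" ] || { echo "FAIL: $3 shares the guest MAC $guest"; rc=1; }
    return $rc
}

# On a live host, pass "$(ip -o link show)" instead of the constructed sample.
check_bridge "$SAMPLE_LINKS" br0 peth0 00:50:04:7F:B5:A3 && echo "bridge layout OK"
```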