{"id":25,"date":"2007-02-09T11:33:00","date_gmt":"2007-02-09T18:33:00","guid":{"rendered":"http:\/\/blog.brandonking.net\/?p=25"},"modified":"2009-07-09T15:01:45","modified_gmt":"2009-07-09T22:01:45","slug":"xen-routed-network-shorewall-qemu","status":"publish","type":"post","link":"https:\/\/brandonking.net\/blog\/2007\/02\/09\/xen-routed-network-shorewall-qemu\/","title":{"rendered":"xen + routed network (shorewall) + qemu"},"content":{"rendered":"<p>After setting up <a href=\"http:\/\/www.cl.cam.ac.uk\/research\/srg\/netos\/xen\/\">xen<\/a> and configuring <a href=\"http:\/\/buildbot.sourceforge.net\/\">buildbot<\/a> on a xen guest domain, I decided it was time to bite the bullet and set up <a href=\"http:\/\/www.shorewall.net\/\">shorewall<\/a> to hide the xen guest domains behind a private network.<\/p>\n<p>By the way, there are some nice guides on setting up shorewall with xen:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.shorewall.net\/XenMyWay-Routed.html\">Strong Firewall in a Routed Xen Dom0<\/a><\/li>\n<li><a href=\"http:\/\/www.shorewall.net\/XenMyWay.html\">Xen and the Art of Consolidation<\/a><\/li>\n<li><a href=\"http:\/\/www.shorewall.net\/Xen.html\">Xen and Shorewall<\/a><\/li>\n<\/ul>\n<p>In the process I had to reconfigure Xen to use routed networking rather than bridged:<\/p>\n<p>Changed (\/etc\/xen\/xend-config.sxp) from:<\/p>\n<blockquote><p>(network-script network-bridge)<br \/>\n(vif-script vif-bridge)<\/p><\/blockquote>\n<p>To:<\/p>\n<blockquote><p>(network-script network-route)<br \/>\n(vif-script     vif-route)<\/p><\/blockquote>\n<p>After setting up shorewall properly and being able to log into two different Debian etch guest domains, I noticed that my previously working WinXP hvm was not starting up properly. 
When I looked into it further I found the following in \/var\/log\/xen\/qemu-dm.11384.log<\/p>\n<blockquote><p>domid: 20<br \/>\nqemu: the number of cpus is 1<br \/>\n\/etc\/xen\/scripts\/qemu-ifup: could not launch network script<br \/>\nCould not initialize device &#8216;tap&#8217;<\/p><\/blockquote>\n<p>Tap device cure (<a href=\"http:\/\/qemu-forum.ipi.fi\/viewtopic.php?p=9260&amp;sid=494a2df12b48a1e8fdca8ae0e7bfb752\">found here<\/a>):<\/p>\n<blockquote style=\"font-weight: bold;\"><p>tunctl -t tap0<\/p><\/blockquote>\n<p>The final piece of the puzzle (since I&#8217;m using the routed script with xen)&#8230;<\/p>\n<blockquote><p>Comment out &#8220;<span style=\"font-weight: bold;\">brctl addif $2 $<\/span>&#8221; from \/etc\/xen\/scripts\/qemu-ifup as mentioned by George in <a href=\"http:\/\/lists.xensource.com\/archives\/html\/xen-users\/2006-12\/msg00448.html\">this mailing list thread<\/a>.<\/p><\/blockquote>\n<p><span style=\"font-weight: bold;\">UPDATE (2007Feb12):<\/span> By doing the above two tasks, I was able to launch WinXP under Xen, but I did not have shorewall set up properly. To save time and money, I&#8217;m going with the simpler route of buying a hardware firewall\/router. I will leave the information above in case it is useful to anyone (including myself) in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After setting up xen and configuring buildbot on a xen guest domain, I decided it was time to bite the bullet and set up shorewall to hide the xen guest domains behind a private network. 
By the way, there are some nice guides on setting up shorewall with xen: Strong Firewall in a Routed Xen Dom0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,15,4,10,11],"tags":[35,47,50,52,58,66],"class_list":["post-25","post","type-post","status-publish","format-standard","hentry","category-computers_it","category-error-fixes","category-linux-it","category-sysadmin","category-virtual_machines","tag-firewall","tag-nat","tag-qemu","tag-routed","tag-shorewall","tag-xen"],"_links":{"self":[{"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/posts\/25","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/comments?post=25"}],"version-history":[{"count":2,"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions"}],"predecessor-version":[{"id":84,"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/posts\/25\/revisions\/84"}],"wp:attachment":[{"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/media?parent=25"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/categories?post=25"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brandonking.net\/blog\/wp-json\/wp\/v2\/tags?post=25"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}