dhicks (26th November 2009)
Been distracted since I first saw this thread this morning, so apologies for the delay. I've always had great difficulty determining what people are talking about with the difference between (using aforementioned terminology) "hardcore" Xen and Citrix Xen. I've only used the Citrix one which was effortless to install SW software.
Now I haven't had the pleasure of getting my hands dirty with the hardcore stuff, but I gather from one of my colleagues that
I am led to believe that doing something like
Code:
vif = [ 'type=ioemu, bridge=eth0, mac=00:16:3E:23:8D:36' ]
to hard-code a MAC address in there will stop this. That's the way VMware and the like configure their VMs.
As I said though, I've yet to try this myself - I'll have a chat with the main guy here who deals with the hardcore Xen stuff when he returns from a brief hol on Monday if there's anything else.
And to reiterate, Citrix XenServer seems trouble free. If only the naming wasn't as confusing.
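A check for the static MAC setting in the vif line above, added here as an example and not code from any poster or from the Xen project: it reads an xm-style guest config (these files use Python syntax) and reports vif entries that lack a fixed mac= or carry an unusable one. The function names and the sample config are constructed for illustration.

```python
import ast
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
XEN_OUI = "00:16:3e"  # OUI reserved for Xen guest interfaces

# Constructed sample: first NIC pinned as in the post, second left unpinned.
SAMPLE_CFG = """
name = 'guest-a'
vif = [ 'type=ioemu, bridge=eth0, mac=00:16:3E:23:8D:36',
        'type=ioemu, bridge=eth1' ]
"""

def parse_vifs(cfg_text):
    """Return one dict of key=value options per vif entry."""
    for node in ast.parse(cfg_text).body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "vif" for t in node.targets):
            entries = ast.literal_eval(node.value)  # literals only, nothing is executed
            return [dict(p.strip().split("=", 1) for p in e.split(",") if "=" in p)
                    for e in entries]
    return []

def check_vifs(cfg_text):
    """Return (vif index, message) for each interface whose MAC is not safely pinned."""
    findings = []
    for i, opts in enumerate(parse_vifs(cfg_text)):
        mac = opts.get("mac")
        if mac is None:
            findings.append((i, "no mac= set; a random MAC is assigned at each start"))
        elif not MAC_RE.match(mac):
            findings.append((i, "malformed MAC %r" % mac))
        elif int(mac[:2], 16) & 1:
            findings.append((i, "multicast bit set in %s" % mac))
        elif not mac.lower().startswith(XEN_OUI):
            findings.append((i, "%s is outside the Xen OUI 00:16:3E" % mac))
    return findings

if __name__ == "__main__":
    for index, message in check_vifs(SAMPLE_CFG):
        print("vif[%d]: %s" % (index, message))
```

On a firewall guest the interface roles (internal, external) follow the NICs the guest detects, so an unpinned interface is the one worth catching before the next reboot.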
dhicks (26th November 2009)
Incidentally, I also had a bit of a problem getting SmoothWall to see the hard disks provided by Xen. In the end, this worked:
Code:
disk = ['file:/mnt/ACSGATEWAY003OS/ACSGATEWAY003OS.img,ioemu:hda,w']
I.e. a file sat on an ext2 filesystem contained in an LVM volume, which is probably a few more layers of abstraction than is strictly healthy.
My random wondering from earlier was correct
rob_f (26th November 2009)
I've been looking at SmoothWall (primarily Guardian filtering) on Amazon Cloud. I got it working but it's a lot of effort. Once working it's great and can provide a nice cluster (resizeable easily) of load balanced Guardians authing against, for example, an Active Directory. But initial set up is very hard. Making it not hard is high on our priority list. The reason it's hard includes issues like AC does not have a console so it's not possible to interactively solve networking issues if you can't ssh to it. They also don't allow you to run your own Kernel.
Imran has Network Guardian working on a standard Debian with standard apt-get-able xen. The NG requires no modifications and works happily and can have updates including new kernels and reboot and is great. This is in un-modified guest mode. He had to do things like robf listed like give it a static mac address and some networking stuff I don't understand. But these were just config options and the NG is unmodified and fully standard production.
tom_newton (27th November 2009)
I've spoken to Imran before, and he was also looking to get the kernel modified to allow for full xen support and better speed (it does seem to run fairly slowly in Xen currently), so when there's a beta, we'd be more than happy to test it for you!
Amazon cloud sounds very interesting - would you be looking to load balance through RRDNS or some form of IP load balancing? Sounds like it may be a very good base for an ISP filtering solution!
Elastic Load Balancing
Does the Active Directory server also have to be cloud based, or does that run on servers inside the school somewhere?
Pass. That's one of the questions we'd need to answer. Certainly some method of securing the link between AD and filter is required - though Amazon I believe offer a VPN. Whether the present (or next-gen (SOON!)) auth daemon would perform well over latent links isn't something we have tried - so it may need an alternate method, or maybe some fiddling with the auth cache. Again, this is on our "to play with" list, and we would welcome your input.
Once filtering is hosted/cloud you will need some way of authenticating the user so it knows that you, first of all, have permission to use the proxy and which policy to apply and who you are for reporting and logging purposes. On a LAN you can use NTLM and thus have single sign-on and nothing to do when you start web browsing. To solve this for hosted you have to use auth methods that can go through the internet and it may require client software to do this depending on what you want to do. Plus a roaming laptop may be more tricky to lock down compared to a static PC on a LAN. So there's a number of interesting and different challenges.
I'm new to xen and trying to run smoothwall express as a guest host on a Debian install with xen. At some point I might also install windows home server as a guest but right now my interest goes to the smoothwall install.
From what I understand I can install guest os's paravirtualized or the HVM way. I'm guessing smoothwall will have to go HVM but wanted to check out this thread since you seem to do this already.
Do any of you have a config file for smoothwall and am I going the right direction?
And yes, I am well aware that people advise to run smoothwall on its own hardware. I still like to try this.
Yeah - you're right - paravirtualization won't work... yet