Internet Related/Filtering/Firewall Thread, Smoothwall and Xen in Technical
  1. #16

    rob_f
    Been distracted since I first saw this thread this morning, so apologies for the delay. I've always had great difficulty determining what people are talking about with the difference between (using aforementioned terminology) "hardcore" Xen and Citrix Xen. I've only used the Citrix one which was effortless to install SW software.

    Now I haven't had the pleasure of getting my hands dirty with the hardcore stuff, but I gather from one of my colleagues that

    Quote Originally Posted by dhicks View Post
    The VM's config file configures networking in the following way:

    Code:
    vif = ['type=ioemu, bridge=xenbr0', 'type=ioemu, bridge=xenbr1']
    causes problems as Xen likes to give it a new MAC address every time it reboots. Smoothie currently evaluates this as a new network card and hence causes all sorts of problems.

    I am led to believe that doing something like

    Code:
    vif = [ 'type=ioemu, bridge=eth0, mac=00:16:3E:23:8D:36' ]
    to hard-code a MAC address in there will stop this. That's the way VMware and the like configure their VMs.

    As I said though, I've yet to try this myself - I'll have a chat with the main guy here who deals with the hardcore Xen stuff when he returns from a brief hol on Monday if there's anything else.

    And to reiterate, Citrix Xenserver seems trouble free. If only the naming wasn't as confusing.

  2. Thanks to rob_f from:

    dhicks (26th November 2009)
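
    An added example, not part of any post in this thread: a small Python check that reads an xm-style config (which uses Python syntax) without executing it, reports `vif` entries that have no `mac=`, and fills in a MAC derived from the VM name so it stays the same across reboots. The VM name, the sample config and the derivation scheme are assumptions made for illustration.

```python
import ast
import hashlib

XEN_OUI = "00:16:3E"  # OUI used for Xen guests; prefix of the MAC quoted in the thread


def read_vifs(config_text):
    """Return the vif list from an xm-style config without executing it."""
    for node in ast.parse(config_text).body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "vif" for t in node.targets):
            return list(ast.literal_eval(node.value))
    return []


def parse_vif(entry):
    """Split 'key=value, key=value' into a dict, keeping option order."""
    pairs = (part.strip().partition("=") for part in entry.split(","))
    return {key: value for key, _, value in pairs if key}


def stable_mac(vm_name, index):
    """Derive the MAC from VM name and vif index: same value on every boot."""
    digest = hashlib.sha256(f"{vm_name}/{index}".encode()).digest()
    return XEN_OUI + "".join(f":{b:02X}" for b in digest[:3])


def pin_macs(config_text, vm_name):
    """Return (vif entries that all carry mac=, indexes that lacked one)."""
    pinned, missing = [], []
    for i, entry in enumerate(read_vifs(config_text)):
        opts = parse_vif(entry)
        if "mac" not in opts:
            missing.append(i)
            opts["mac"] = stable_mac(vm_name, i)  # hypothetical scheme
        pinned.append(", ".join(f"{k}={v}" for k, v in opts.items()))
    return pinned, missing


# Constructed sample: one vif as first posted, one with the pinned MAC.
SAMPLE = """
name = 'smoothwall-test'
vif = ['type=ioemu, bridge=xenbr0',
       'type=ioemu, bridge=xenbr1, mac=00:16:3E:23:8D:36']
"""

if __name__ == "__main__":
    pinned, missing = pin_macs(SAMPLE, "smoothwall-test")
    print("vif indexes without mac=:", missing)
    print("vif =", pinned)
```

    Because the MAC is derived from the name and index rather than drawn at random, regenerating the config gives the guest firewall the same interface identity each time.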

  3. #17

    dhicks
    Quote Originally Posted by rob_f View Post
    Xen likes to give it a new MAC address every time it reboots
    Indeed. Typed the previous message, thought "hang on a minute...", changed the VM's configuration, all works fine now. Then checked back here and found the answer waiting for me :-)

    Incidentally, I also had a bit of a problem getting SmoothWall to see the hard disks provided by Xen. In the end, this worked:

    Code:
    disk = ['file:/mnt/ACSGATEWAY003OS/ACSGATEWAY003OS.img,ioemu:hda,w']
    I.e. a file sat on an ext2 filesystem contained in an LVM volume, which is probably a few more layers of abstraction than is strictly healthy.

    --
    David Hicks

  4. #18

    My random wondering from earlier was correct

  5. Thanks to Willott from:

    rob_f (26th November 2009)

  6. #19
    Danielbarron
    I've been looking at SmoothWall (primarily Guardian filtering) on Amazon Cloud. I got it working but it's a lot of effort. Once working it's great and can provide a nice cluster (resizeable easily) of load balanced Guardians authing against, for example, an Active Directory. But initial set up is very hard. Making it not hard is high on our priority list. The reason it's hard includes issues like AC does not have a console so it's not possible to interactively solve networking issues if you can't ssh to it. They also don't allow you to run your own Kernel.

    Imran has Network Guardian working on a standard Debian with standard apt-get-able xen. The NG requires no modifications and works happily and can have updates including new kernels and reboot and is great. This is in un-modified guest mode. He had to do things like robf listed like give it a static mac address and some networking stuff I don't understand. But these were just config options and the NG is unmodified and fully standard production.

  7. Thanks to Danielbarron from:

    tom_newton (27th November 2009)

  8. #20

    Hi Daniel,

    I've spoken to Imran before, and he was also looking to get the kernel modified to allow for full xen support and better speed (it does seem to run fairly slowly in Xen currently), so when there's a beta, we'd be more than happy to test it for you!

    Amazon cloud sounds very interesting - would you be looking to load balance through RRDNS or some form of IP load balancing? Sounds like it may be a very good base for an ISP filtering solution!

    Cheers

    Will

  9. #21
    Danielbarron
    Quote Originally Posted by Willott View Post
    I've spoken to Imran before, and he was also looking to get the kernel modified to allow for full xen support and better speed (it does seem to run fairly slowly in Xen currently), so when there's a beta, we'd be more than happy to test it for you!
    It does not feel like it's slow although I've done no specific tests. Yes Imran was going to do that at some point. However I beat him to it with AC which is one way. Another is to add the xen patches to the kernel. When there is anything to test I will let you know but it will be some time away.


    Quote Originally Posted by Willott View Post
    Amazon cloud sounds very interesting - would you be looking to load balance through RRDNS or some form of IP load balancing? Sounds like it may be a very good base for an ISP filtering solution!
    AC provides a load balancer. Info here: Elastic Load Balancing

    Works great.

  10. #22

    dhicks
    Quote Originally Posted by Danielbarron View Post
    Once working it's great and can provide a nice cluster (resizeable easily) of load balanced Guardians authing against, for example, an Active Directory.
    Could a school (or LA) use this to provide a filtered connection from home - give pupils laptops usable at home and school that always went through an Amazon Cloud-based filter?

    Does the Active Directory server also have to be cloud based, or does that run on servers inside the school somewhere?

    --
    David Hicks

  11. #23


    tom_newton
    Quote Originally Posted by dhicks View Post
    Could a school (or LA) use this to provide a filtered connection from home - give pupils laptops usable at home and school that always went through an Amazon Cloud-based filter?
    Theoretically, yes. We do hope to do something like this in time. We may be up for a spot of further experimentation to see where we need to improve. If this is something that you'd be really interested in, PM me or Daniel, can't promise anything but we will certainly take a look at the idea with you.

    Does the Active Directory server also have to be cloud based, or does that run on servers inside the school somewhere?
    Pass. That's one of the questions we'd need to answer. Certainly some method of securing the link between AD and filter is required - though Amazon I believe offer a VPN. Whether the present (or next-gen (SOON!)) auth daemon would perform well over latent links isn't something we have tried - so it may need an alternate method, or maybe some fiddling with the auth cache. Again, this is on our "to play with" list, and we would welcome your input.

  12. #24
    Danielbarron
    Quote Originally Posted by dhicks View Post
    Could a school (or LA) use this to provide a filtered connection from home - give pupils laptops usable at home and school that always went through an Amazon Cloud-based filter?
    Yes. You could do the same with a cluster of hosted NG on VMs or real boxes too. I have a test set up if you want to try it PM me.

    Quote Originally Posted by dhicks View Post
    Does the Active Directory server also have to be cloud based, or does that run on servers inside the school somewhere?
    Amazon provide VPN from the cloud to your LAN. Although I've not yet tried it. The AD could be on your LAN or in the cloud. The one I set up was in the cloud. Actually you could have one on the LAN and a VPN to one in the cloud in the same domain.

    Once filtering is hosted/cloud you will need some way of authenticating the user so it knows that you, first of all, have permission to use the proxy and which policy to apply and who you are for reporting and logging purposes. On a LAN you can use NTLM and thus have single sign-on and nothing to do when you start web browsing. To solve this for hosted you have to use auth methods that can go through the internet and it may require client software to do this depending on what you want to do. Plus a roaming laptop may be more tricky to lock down compared to a static PC on a LAN. So there's a number of interesting and different challenges.

  13. #25


    Smoothwall on xen

    Hi all,
    I'm new to xen and trying to run smoothwall express as a guest host on a Debian install with xen. At some point I might also install windows home server as a guest but right now my interest goes to the smoothwall install.
    From what I understand I can install guest os's paravirtualized or the HVM way. I'm guessing smoothwall will have to go HVM but wanted to check out this thread since you seem to do this already.
    Do any of you have a config file for smoothwall and am I going the right direction?
    And yes, I am well aware that people advise to run smoothwall on its own hardware. I still like to try this.

    Thanks

  14. #26


    tom_newton
    Yeah - you're right - paravirtualization won't work... yet

  15. #27

    Quote Originally Posted by tom_newton View Post
    Yeah - you're right - paravirtualization won't work... yet
    Come on, spill the beans :-)

  16. #28


    tom_newton
    Quote Originally Posted by az_r2d1 View Post
    Come on, spill the beans :-)
    Next "full" (not feature pack) release. No news just yet, but you will hear it here 1st

  17. #29

    Quote Originally Posted by tom_newton View Post
    Next "full" (not feature pack) release. No news just yet, but you will hear it here 1st
    Thanks Tom,
    When is that expected, roughly?
    I assume this will also be available in SE?

  18. #30


    Quote Originally Posted by tom_newton View Post
    Next "full" (not feature pack) release. No news just yet, but you will hear it here 1st
    Hmm, how cost-effective is it to get you drunk enough at Bett to spill the beans? What's the beer-to-information ratio?


