Bridge setup for multiple Xen VMs
We have recently had two new ADSL connections hooked up which we want to combine with a load balancer / failover router. We also want filtering. ZeroShell can do the load-balancing between two ADSL connections, and SmoothWall can do the filtering. I've set up virtual machines for both on a single physical server which has three network connections - one for our LAN, and one leading to each ADSL router.
The ZeroShell virtual machine has three virtual network interfaces - 192.168.0.1 and 192.168.1.1 for the ADSL routers and 10.0.0.4. The SmoothWall VM has two virtual network interfaces - 10.0.0.3 for the internal network and 10.0.0.5 for external.
All I have to do is get SmoothWall's 10.0.0.5 and ZeroShell's 10.0.0.3 talking to each other. This works just fine if I place both VMs' network connections in the same, default, virtual bridge (xenbr0). However, if I move the virtual interfaces assigned to 10.0.0.3 and 10.0.0.5 to their own bridge, SmoothWall can't see the ZeroShell VM and has no connection to the outside world.
Obviously I don't want the ZeroShell machine available to the LAN, otherwise people could simply set it as their gateway server and bypass the SmoothWall filtering server. Has anyone any idea what I'm doing wrong? Is there something I've forgotten to configure when setting up the virtual interfaces, or the virtual bridge? Network bridges are set up in /etc/rc.local:
/etc/xen/scripts/network-bridge start vifnum=0
/etc/xen/scripts/network-bridge start vifnum=1
/etc/xen/scripts/network-bridge start vifnum=2
brctl addbr xenbr3
Do I need to add something to that last line? From reading the brctl man page, I get the impression that bridges set up via brctl act just like old network hubs - all network traffic on each port is replicated to all the other ports. Is that correct, or am I missing something?
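As an added example (not part of the post above), here is the check a practitioner would run after adding the extra bridge: a POSIX shell script that creates the isolation bridge and brings it up (brctl addbr leaves a new bridge down), then audits `brctl show` output to confirm that the bridge holds only the two VM interfaces and no physical NIC, which is what keeps ZeroShell off the LAN. The vif names vif5.1 and vif6.0 and the embedded brctl output are constructed placeholders, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: create the isolated bridge
# (xenbr3 as in the post) and audit `brctl show` output for it.
set -e
BRIDGE=xenbr3

# brctl addbr leaves the new bridge DOWN, and a down bridge forwards nothing.
# No IP address is assigned: dom0 has no business on the isolation segment.
setup_isolated_bridge() {
    brctl addbr "$BRIDGE"
    ip link set "$BRIDGE" up
}

# Print the member ports of bridge $1, parsing `brctl show` text on stdin.
# The first port shares the bridge's line; further ports follow one per line.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }
        NF >= 3 { inbr = ($1 == br); if (inbr && NF == 4) print $4; next }
        NF == 1 && inbr { print $1 }'
}

# Succeed only if bridge $1 holds exactly the ports listed in $2 and nothing
# named like a physical NIC (eth*/peth*), which would expose the VMs to the LAN.
check_isolated() {
    ports=$(bridge_ports "$1")
    for p in $ports; do
        case "$p" in eth*|peth*) return 1 ;; esac
    done
    got=$(printf '%s\n' $ports | sort | tr '\n' ' ')
    want=$(printf '%s\n' $2 | sort | tr '\n' ' ')
    [ "$got" = "$want" ]
}

# Constructed sample of `brctl show`: xenbr0 is the LAN bridge holding the
# physical NIC; xenbr3 carries only the two VM interfaces (placeholder names).
SAMPLE_BRCTL_SHOW="bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.001122334455       no              peth0
                                                        vif1.0
xenbr3          8000.feffffffffff       no              vif5.1
                                                        vif6.0"

# `sh this.sh setup` (as root) creates the bridge; otherwise audit the sample.
if [ "${1:-}" = "setup" ]; then
    setup_isolated_bridge
else
    printf '%s\n' "$SAMPLE_BRCTL_SHOW" | check_isolated xenbr3 "vif5.1 vif6.0" \
        && echo "xenbr3 is isolated" || echo "xenbr3 is NOT isolated"
fi
```

On a real host, replace the sample with live output: `brctl show | check_isolated xenbr3 "vif5.1 vif6.0"`, using the vif names your domains actually get.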