XenServer Firewall



  • Hello guys,
    I am trying to create a Linux firewall VM in XenServer. I tried SmoothWall, but it requires HVM mode to operate. Then I tried IPCop, but I get the following error when I try to boot the VM:

    message": "BOOTLOADER_FAILED(OpaqueRef:c5c82f4f-3617-7117-5aae-a8f728d1eac6, Could not access file:///tmp/cdrom-repo-iwXsXl/isolinux/vmlinuz\n)",
    "stack": "XapiError: BOOTLOADER_FAILED(OpaqueRef:c5c82f4f-3617-7117-5aae-a8f728d1eac6, Could not access file:///tmp/cdrom-repo-iwXsXl/isolinux/vmlinuz\n)\n at wrapError (/home/deloitte/xo-server/node_modules/xen-api/src/index.js:92:34)\n at /home/deloitte/xo-server/node_modules/xen-api/src/index.js:145:12\n at tryCatcher (/home/deloitte/xo-server/node_modules/bluebird/js/release/util.js:16:23)\n at Promise._settlePromiseFromHandler (/home/deloitte/xo-server/node_modules/bluebird/js/release/promise.js:510:31)\n at Promise._settlePromise (/home/deloitte/xo-server/node_modules/bluebird/js/release/promise.js:567:18)\n at Promise._settlePromise0 (/home/deloitte/xo-server/node_modules/bluebird/js/release/promise.js:612:10)\n at Promise._settlePromises (/home/deloitte/xo-server/node_modules/bluebird/js/release/promise.js:691:18)\n at Async._drainQueue (/home/deloitte/xo-server/node_modules/bluebird/js/release/async.js:133:16)\n at Async._drainQueues (/home/deloitte/xo-server/node_modules/bluebird/js/release/async.js:143:10)\n at Immediate.Async.drainQueues (/home/deloitte/xo-server/node_modules/bluebird/js/release/async.js:17:14)",
    "code": "BOOTLOADER_FAILED",
    "params": [
    "OpaqueRef:c5c82f4f-3617-7117-5aae-a8f728d1eac6",
    "Could not access file:///tmp/cdrom-repo-iwXsXl/isolinux/vmlinuz\n"
    ]



  • Why are you missing HVM? And why are you playing with things like SmoothWall? VyOS is the logical firewall choice to run on top of XenServer. pfSense would be okay, but will require HVM as nearly anything prepackaged or non-Linux will.



  • I am missing HVM as my XenServer host is installed in VirtualBox. I even tried pfSense, but it requires HVM as you say. Let me try VyOS. Can you tell me what template to select when installing VyOS?



  • @Alket_tux said in XenServer Firewall:

    Can you tell me what template to select when installing VyOS?

    Offhand, no. Maybe RHEL or Ubuntu. It's modern Linux, but a different one. Not sure if it will do PV or not, but I think that it will.



  • Based on Debian. Not sure if it's Wheezy (7) or Jessie (8).
    https://wiki.vyos.net/wiki/FAQ#What_is_VyOS.3F



  • Also, the template for Debian Jessie is HVM. If VyOS is based on Debian Wheezy, then you would choose the template for Wheezy since that is PV.



  • @black3dynamite It does not work with Debian either. My guess is that XenServer searches for the Linux kernel on the path where Debian should have it, but VyOS has the kernel on another path.
    Is there a way to tell Xen to search for a certain kernel path?

    Will this work?
    xe vm-param-set uuid=<VM uuid> PV-bootloader-args="--kernel <kernel location> --ramdisk <initrd location>"



  • Being stuck with PV only is a pretty major limitation today. XS does not really intend for you to use that right now, now that the performance of HVM has surpassed it (momentarily). It is expected to make a major comeback, but for the moment, it's kind of a dormant product.



  • @scottalanmiller The comeback you're talking about is PVHVM?



  • @black3dynamite said in XenServer Firewall:

    @scottalanmiller The comeback you're talking about is PVHVM?

    That's the old. They need to port that tech back to PV and then it should be blinding new speed after that.

