*******************************************************************
Debian 3.1 modified Xen Image with Nepenthes 0.2.0
by Alexandros Manakos

HOWTO

Install Image:

Use with eisXen (easiest way):

# wget template to /data/xen/templates
# Create a new virtual machine with eisXen setup.
## eisXen: http://www.eisxen.org

Manually with Xen 3.0.4 (Debian):

* mkdir /etc/xen/templates
* mkdir /etc/xen/images
# download image to /etc/xen/templates
* cd /etc/xen/images
* dd if=/dev/zero of=/etc/xen/images/nepenthes.img bs=1024k count=2000
* dd if=/dev/zero of=/etc/xen/images/nepenthes.swap bs=1024k count=500
* mkfs.ext3 /etc/xen/images/nepenthes.img
## /etc/xen/images/nepenthes.img is not a block special device.
## Proceed anyway? (y,n) <-- y
* mkswap /etc/xen/images/nepenthes.swap
* mount -o loop /etc/xen/images/nepenthes.img /mnt
* cd /mnt
* tar xzvf /etc/xen/templates/nepenthes-domU.tar.gz .
* chroot /mnt
* passwd
* base-config
* vi /etc/network/interfaces
* vi /etc/resolv.conf
* exit
* cp /mnt/boot/vmlinuz-2.6.16.33-xenU /boot/
* cd /
* umount /mnt
* vi /etc/xen/xmnepenthes

-----------------------------------------------------------------
Configure virtual machine file:

# Paste this into the Nepenthes configuration file:
# Kernel is needed in dom0
## The disk paths must point to where the image files actually are;
## the manual steps above create them in /etc/xen/images.

kernel = '/boot/vmlinuz-2.6.16.33-xenU'
memory = 64
name = 'Nepenthes'
vif = [ '' ]
disk = [ 'file:/data/xen/images/nepenthes.img,hda1,w','file:/data/xen/images/nepenthes.swap,hda2,w' ]
root = '/dev/hda1 ro'
-----------------------------------------------------------------

Start your Nepenthes domU with "xm create -c /etc/xen/xmnepenthes"

Build your own domU kernel:

You need the included kernel to get Nepenthes working with IPTables
and the IP_QUEUE modules. If you want to run it with your own domU
kernel, enable the following in the kernel configuration:

Networking --->
  Networking options --->
    (*) Network packet filtering (replaces ipchains) --->
      Core Netfilter Configuration --->
        (*) Netfilter netlink interface
        (M) Netfilter Xtables support
        (M) MARK target Support
        (M) Some IPTables modules
        (M) Netfilter Xtables support

Networking --->
  Networking options --->
    (*) Network packet filtering (replaces ipchains) --->
      IP: Netfilter Configuration --->
        IP tables support (and the other modules IPTables needs)

---------------------
#   instruction
##  info
*   command
(*) built into the kernel statically.
(M) built as a kernel module.

Contact: manakos@s3curity.de
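
Added example (not part of the original HOWTO): a shell check that a self-built domU kernel's .config enables the netfilter options listed under "Build your own domU kernel". The CONFIG_ symbol names are an assumed mapping of those menu entries for a 2.6.16-era kernel; the function name check_domu_config and the sample .config are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a kernel .config against the HOWTO's netfilter list.
# Assumption: these CONFIG_ symbols correspond to the menu entries (2.6.16 era).
# Format "symbol:modes"; modes = accepted values (y built in, m module),
# "y" only where the HOWTO marks the entry (*).
REQUIRED_OPTS="CONFIG_NETFILTER:y
CONFIG_NETFILTER_NETLINK:y
CONFIG_NETFILTER_XTABLES:ym
CONFIG_NETFILTER_XT_TARGET_MARK:ym
CONFIG_IP_NF_IPTABLES:ym
CONFIG_IP_NF_QUEUE:ym"

# check_domu_config FILE
# Prints one line per problem and returns the number of problems (255 = unreadable).
check_domu_config() {
    cfg=$1
    problems=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 255; }
    for entry in $REQUIRED_OPTS; do
        sym=${entry%%:*}
        modes=${entry#*:}
        # Last assignment wins; "# CONFIG_X is not set" lines never match.
        val=$(sed -n "s/^${sym}=\(.*\)\$/\1/p" "$cfg" | tail -n 1)
        case "$val" in
            "") echo "MISSING  $sym"; problems=$((problems + 1)) ;;
            [ym])
                case "$modes" in
                    *"$val"*) ;;
                    *) echo "WRONG    $sym=$val (need: $modes)"
                       problems=$((problems + 1)) ;;
                esac ;;
            *) echo "WRONG    $sym=$val"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed sample .config fragment (not taken from the image's kernel).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_QUEUE is not set
EOF
check_domu_config "$sample" || echo "problems found: $?"
rm -f "$sample"
```

Run it against the .config of the kernel tree before building; a zero exit status means every listed option is present in an accepted mode.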