Re: [Xen-users] Need support for xen network configuration

["Mitch (BitBlock)" <mitch@xxxxxxxxxxxx>]

That's the CIDR netmask.
24 = 255.255.255.0 
8 bits plus 8 bits plus 8 bits = 24 bits

-----Original Message-----
From: xen-users-bounces@xxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxx] 
On Behalf Of lee
Sent: July 9, 2014 7:47 PM
To: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] Need support for xen network configuration

Simon Hobson <linux@xxxxxxxxxxxxxxxx> writes:

> Alexandre Kouznetsov <alk@xxxxxxxxxx> wrote:
>
>> For sake of security, your scenario will be better if you manage to add a 
>> second physical interface. Make eth0 to be "internal" and eth1 to be 
>> "external".
>> For sake of sanity, separate your different IP networks into different 
>> broadcast domain, VLAN is the most suitable option if they are to share the 
>> same physical port.
>
> +1 for that
>
>> If you still wish your DomU to have a second (public) IP address, add a 
>> alias section:
>
> Rather than add aliases, AIUI it's now preferred to just add addresses 
> (whether in the same subnet or a different one).
> So something like :
> iface eth0 inet static
>   address 192.168.1.1
>   ...
>   post up ip addr add address 192.168.1.7/24
>   post up ip addr add address 10.0.0.1/24

/24?

The bridge needs to have the IP addresses, *not* the physical interface.

The physical interface needs to be added to the bridge.  It does not need to 
(should not) have an IP address itself.

Please be aware that a bridge is a bridge.  When you do this, you connect all 
these different networks with each other.  That is probably
*not* what you want.

See also: http://www.shorewall.net/three-interface.htm


--
Knowledge is volatile and fluid.  Software is power.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users