
Re: [Xen-users] Ideal(istic) Xen firewall design



Marcus Brown wrote:

Option C-v3
===========
                              Internet
                                 |
                               eth1
           ______________________|_______________________
           |        _____________|_______________       |
           |        |        Firewall           |       |
Local eth0 =|========|       (Shorewall)         |=======|= eth2 DMZ (optional)
           |        |___________________________|       |
           |               eth4  |  eth5                |
           | ______________  | eth3  |  _______________ |
           | | Web Server |  |   |   |  | iPaq Server | |
           | |  (Apache2) |  |   |   |  | (Bluetooth) |=|= USB Host #1
           | |____________|  |   |   |  |_____________| |  (for BT Dongle)
           |          eth0 \ |   |   | / eth0           |
           | _______________\|   |   |/                 |
           | | Mail Server | |   |   |                  |
           | |  (Courier)  | |   |   |                  |
           | |_____________| |   |   |                  |
           |          eth0  \|   |   |                  |
           |                 |   |   |                  |
           |                br1  |  br2                 |
           |                 !  br0  !                  |
           |        _____________|_____________         |
           |        |                         |         |
           |        |          dom0           |         |
           |________|_________________________|_________|


Thanks for the hint, I was just compiling vlan support into dom0 when
your message arrived, so you've probably saved me from wandering
further into a pointless exercise! :)
I'll start playing with dummies instead! lol

I will soon try something similar, so I'll try to follow the thread. :-)

What exactly is a dummy interface (I have found some hints on its existence, but nothing detailed)? And can I configure it like a real interface in /etc/network/interfaces with "iface dummyX inet static ..."?

Regarding your drawing: Is the Firewall a xen guest system? And if yes, how did you transfer the real interfaces to it? If no, how is the firewall separated from dom0?

I am afraid to come up with unqualified questions, but I just started digging into complex networking schemes.

Thanks for any hint or help.

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

