Re: [Xen-users] Ideal(istic) Xen firewall design

  • To: Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx>
  • From: Nicholas Lee <emptysands@xxxxxxxxx>
  • Date: Sat, 13 Aug 2005 15:11:29 +1200
  • Cc: bgb@xxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Sat, 13 Aug 2005 03:09:52 +0000
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On 8/12/05, Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx> wrote:
> I understand from various postings that I need to manually create the
> extra bridges before bringing up the Firewall domain.
> I guess I could do that in a number of ways,
> but is there a 'Xen approved' method?

I'm not doing the firewall with Xen thing yet, but this is what I've
done for both Xen and UML for my 'virtual internal' networks:

auto internal-br
iface internal-br inet static
        bridge_ports eth1
        bridge_fd 0
        bridge_hello 1
        bridge_stp off
        up route add -net gw
        down route del -net gw

Note, in your setup you might use dummy0/1 instead of eth1 in the
above.  I leave the default xen-br to xen itself to configure.

I used dummy interfaces successfully with UML, I'm not sure how well
they would work with Xen.  Single processor Xen seems to have
performance issues with networking between virtual domUs on the same

Nicholas Lee
gpg 8072 4F86 EDCD 4FC1 18EF  5BDD 07B0 9597 6D58 D70C
