
Re: [Xen-users] Ideal(istic) Xen firewall design


  • To: Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx>
  • From: Nicholas Lee <emptysands@xxxxxxxxx>
  • Date: Sat, 13 Aug 2005 15:11:29 +1200
  • Cc: bgb@xxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Sat, 13 Aug 2005 03:09:52 +0000
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On 8/12/05, Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx> wrote:
> 
> I understand from various postings that I need to manually create the
> extra bridges before bringing up the Firewall domain.
> I guess I could do that in a number of ways,
> but is there a 'Xen approved' method?

I'm not doing the firewall with Xen thing yet, but this is what I've
done for both Xen and UML for my 'virtual internal' networks:

/etc/network/interfaces
auto internal-br
iface internal-br inet static
        address 10.1.0.254
        netmask 255.255.0.0
        network 10.1.0.0
        broadcast 10.1.255.255
        bridge_ports eth1
        bridge_fd 0
        bridge_hello 1
        bridge_stp off
        up route add -net 192.168.1.0/24 gw  10.1.0.1
        down route del -net 192.168.1.0/24 gw  10.1.0.1

Note, in your setup you might use dummy0/1 instead of eth1 in the
above.  I leave the default xen-br to xen itself to configure.

I used dummy interfaces successfully with UML, I'm not sure how well
they would work with Xen.  Single processor Xen seems to have
performance issues with networking between virtual domUs on the same
host.

-- 
Nicholas Lee
http://stateless.geek.nz
gpg 8072 4F86 EDCD 4FC1 18EF  5BDD 07B0 9597 6D58 D70C

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

