
Re: [Xen-users] Port based security noob



On Friday 21 October 2005 07:29, Richard Sperry wrote:
> I am looking to build an appliance that runs several instances of Linux,
> each running the same Java server app. This way I can grant access to the
> box (hosted solution) to the customer. I do want to lock each instance to
> one port on the physical NIC.  Is this possible?

Of course. Either pass the PCI device for each NIC to the right domU, but that 
might not work if it's multiple NICs on a single PCI device, or create a 
separate bridge for each physical NIC in dom0, and attach only one domU to 
each bridge. Run the bridges and NICs without an IP address in dom0. Now even 
all domU<->domU traffic will run over the external interfaces.
If you need faster domU<->domU networking, simply create another 
"inter-domain" bridge, and connect a secondary virtual NIC in the domUs to 
that (if you'd give that bridge an IP inside dom0, you can now even ssh into 
your domUs over the internal net, and have sshd in them only bind to that, 
think "management net").

/Ernst

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
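
The per-NIC bridge layout described in the reply above can be checked with a small audit, given here as an added example that is not part of the original thread. The inventory format, the bridge and interface names, and the rule that any port not named `vif<domid>.<devid>` counts as a physical NIC are assumptions.

```shell
#!/bin/sh
# Added example: audit a dom0 bridge inventory against the one-domU-per-NIC layout.
# Input (constructed format): <bridge> <dom0 IP or "-"> <port> [<port> ...]
# On a live dom0 the ports of a bridge are listed in /sys/class/net/<bridge>/brif/.
# Assumption: Xen backend ports are named vif<domid>.<devid>; anything else is physical.

audit_bridges() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        br = $1; ip = $2; phys = 0; ndom = 0; ok = 1
        split("", doms)                          # reset the per-bridge domU set
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^vif[0-9]+\.[0-9]+$/) {
                d = $i; sub(/^vif/, "", d); sub(/\..*$/, "", d); doms[d] = 1
            } else phys++
        }
        for (d in doms) ndom++
        # No physical port: the "inter-domain" bridge, which may carry an IP in dom0.
        if (phys == 0) { print "INFO " br ": internal bridge, " ndom " domU(s)"; next }
        if (phys > 1)  { print "FAIL " br ": " phys " physical NICs on one bridge"; ok = 0 }
        if (ndom > 1)  { print "FAIL " br ": " ndom " domUs share this physical port"; ok = 0 }
        if (ip != "-") { print "FAIL " br ": dom0 has IP " ip " on an external bridge"; ok = 0 }
        if (ok) print "OK " br; else bad = 1
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
# bridge  dom0-ip     ports
xenbr1    -           eth1 vif1.0
xenbr2    -           eth2 vif2.0 vif3.0
xenbr3    192.0.2.10  eth3 vif4.0
xenint    10.0.0.1    vif1.1 vif2.1 vif3.1 vif4.1
EOF
}

sample_inventory | audit_bridges || echo "audit found isolation problems"
```
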