Re: [Xen-users] Remote management of DomU
On Thu, 2005-12-15 at 23:33 -0800, Alan Murrell wrote:
> I currently have a Xen host server setup with three nics:
>
> eth0 -> hidden from Dom0 and assigned to my firewall domU
> eth1 -> assigned to the bridge br-lan0, which is then exported to the
> firewall domU for my LAN (handles both domUs and real machines on the LAN
> subnet)
> eth2 -> assigned to the bridge br-dmz0, which is then exported to the
> firewall domU for my DMZ (handles both domUs and real machines on the DMZ
> subnet)
>
> My problem is this: I would like to be able to log into my Dom0 remotely, but
> do not want to put a 4th NIC in place to accomplish this; I'd rather do
> something like log into my firewall domU then from there SSH into Dom0, OR
> SSH to a different port and have the firewall domU port forward to the Dom0
>
> I was thinking I may be able to accomplish this by using a dummy interface on
> both the Dom0 and the domU firewall that are tied together, but wasn't sure
> about how to configure this? Would I give the dummy interface on the Dom0 an
> IP address then create a dummy interface on the firewall domU on the same
> subnet and put appropriate routing rules in place? (I use Shorewall) Or is
> there a better way to accomplish this?
>
> Thanks, in advance, for your advice.
>
<snip>

A quick thought is to do it via VPN. Expose the Dom0 to the internal network but use iptables to restrict virtually all traffic to the Dom0 and then allow only ssh coming off of an IPSec tunnel to be allowed to go from the firewall to the Dom0 - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net
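
The restriction suggested in the reply could look like the following sketch, which is an added example and not part of the original thread. It assumes plain iptables rather than Shorewall, that the firewall domU terminates the IPsec tunnel, and that Dom0 has an address on br-lan0; every address and interface name in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface names are
# constructed placeholders; adjust them before use.
IPT="${IPT:-iptables}"              # set IPT=echo to print rules instead of applying
DOM0_IP="${DOM0_IP:-192.168.1.2}"   # assumed Dom0 address on br-lan0
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # assumed address range of IPsec clients
LAN_IF="${LAN_IF:-eth1}"            # assumed LAN-side interface inside the firewall domU

# Run on Dom0: accept loopback, replies to existing connections, and SSH
# from VPN client addresses; everything else inbound is dropped.
# The DROP policy is set last so the accepts are in place first.
dom0_rules() {
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp -s "$VPN_NET" -d "$DOM0_IP" --dport 22 -j ACCEPT
    $IPT -P INPUT DROP
}

# Run on the firewall domU: forward SSH to Dom0 only for packets that were
# decapsulated from an IPsec tunnel (policy match), then drop anything else
# routed towards Dom0. Dom0 cannot tell whether a packet arrived over IPsec,
# so this check has to live here. These rules must sit ahead of any broader
# ACCEPT in the FORWARD chain.
firewall_rules() {
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -o "$LAN_IF" -p tcp -s "$VPN_NET" -d "$DOM0_IP" --dport 22 \
         -m policy --dir in --pol ipsec -j ACCEPT
    $IPT -A FORWARD -d "$DOM0_IP" -j DROP
}

# Usage: script.sh dom0 | firewall   (prefix with IPT=echo for a dry run)
case "${1:-}" in
    dom0)     dom0_rules ;;
    firewall) firewall_rules ;;
esac
```

Machines bridged onto br-lan0 reach Dom0 without passing through the firewall domU's FORWARD chain, which is why the INPUT rules on Dom0 are needed in addition to the forwarding rules.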