Re: [Xen-users] Remote management of DomU
On Fri, 2005-12-23 at 08:55 +0100, Goetz Bock wrote:
> On Wed, Dec 21 '05 at 07:19, Alan Murrell wrote:
<snip>
>
> You can always give the bridge interface an IP, then you can use it from
> Dom0 like if it was a regular interface.
>
> I'm currently running a Xen3 amd64 server with three bridges:
>
> - xenbr0: with the real eth0, and a vif from a firewall domU
> - privbr: one vif from the firewall, and vifs from some domU. All
>   interfaces on this bridge use 192.168.x.y IPs. This one also
>   has an IP of its own, so the Dom0 can be accessed
> - pubbr: one vif from the firewall, vifs from some domUs all with public
>   IPs.
>
> The firewall is doing routing between xenbr0 and pubbr. I'm also running
> a VPN domU that allows me to access the network on privbr.
>
> Works fine so far.

Just as a suggestion, I always cringe to put any device other than a
firewall directly on the Internet with public IPs, especially a domU, just
in case someone, somewhere, someday figures out how to crack into the
other domUs or dom0 from a compromised domU. I would generally put the
public servers on yet one more bridge as a DMZ with private addresses and
protect them via the firewall so that only needed services are allowed
- John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users