
[Xen-users] DomU firewalling


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Carles Fragoso i Mariscal <cfragoso@xxxxxxxx>
  • Date: Mon, 10 Apr 2006 16:32:25 +0200
  • Delivery-date: Mon, 10 Apr 2006 07:32:33 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Openpgp: id=0E4EDE07


Hello everyone!

I am testing an environment with N Debian-based DomU's where each of
them could be managed by different sysadmins. So I decided to deploy two
additional DomU's for firewalling and provide proxy-based services for
the rest of DomU's. The main reason is to provide granular access
control (perimeter protection and limit interference between DomU's)
without using Dom0.

The IP address space is a /24 so the firewall (iptables) should work as
a bridge. The proxy-DomU will be located on a DMZ-leg of the firewall-DomU.

I have seen that each DomU is limited to 3 interfaces. My question is:
Is there any way to overcome this limitation or at least to deal
individually (point-to-point) with each DomU from the firewall-DomU
point of view?

I would really appreciate any comments and experiences regarding this
kind of approach or similar ones.

Thanks a lot in advance, keep up with the good work! :)

......................................................................
         __
        / /          Carles Fragoso i Mariscal
  C E / S / C A      Tècnic de seguretat
      /_/            Centre de Supercomputació de Catalunya

  Gran Capità, 2-4 (Edifici Nexus) - 08034 Barcelona
  T. 93 205 6464 - F.  93 205 6979 - cfragoso@xxxxxxxx
......................................................................
pgp:0x0E4EDE07 - 335C CB9F 84E8 85E9 A62B  EF3A 102F 01FF 0E4E DE07
ripe: AS13041  - CFM1-RIPE / iNOC-dba: 13041*CFM
......................................................................
