[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] dom0 networking



Hi Paolo
Am Freitag 07 Juli 2006 06:02 schrieb Paolo Supino:
> Hi
>
>   I have a bit of a problem that I have to overcome. I have 2 networks
> that I need to run different system on (DMZ and internal). I have one
> computer that has two NICs and I thought of doing the following: Setup
> Xen and run dom0 without giving it an IP address. Setup one domU that is
> bridged through the first NIC and a second domU that is bridge through a
> second bridge on the second interface. 
Should be possible. You could even hide the nics from dom0 and hand them over 
to the domU. Thats my current setup.
> The result of this setup is that 
> I have 2 domUs that are totally separated even on the network level and
> dom0 that is unreachable because it doesn't exist in layer 3 and above.
> The questions I have:
> 1. Is it possible not to give dom0 an IP address at all and still have
> the domU be able to network?
Yup. Since in standard setup the physical device and the device dom0 sees as 
eth0 are different. The physical device becomes peth0 and is attached to a 
bridge and veth0 is renamed to eth0 and then gets the ip and mac of the old 
eth0.
you just might want to modify /etc/xen/scripts/network-bridge. There might be 
an easier way which I'm missing right now, since I myself just started
> 2. Is such a setup has a security weakness that I'm not seeing?
Don't know about that one...

Jonathan

Attachment: pgppbDkmgBmOy.pgp
Description: PGP signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.