
[Xen-users] Best practice for firewall in domU



Sorry if this has been discussed before, but I am having trouble finding a definite answer...

I am setting up a co-located server with a single NIC and 2 IPs. I believe I want to run a firewall in the first domU (consuming 1 IP address), a web-serving domU with 2 network interfaces (other public IPs as DMZ and private network) and several other domUs with only private network interfaces (running app + db servers). I want to bridge the private network to a tun/tap OpenVPN server in the firewall domU. Dom0 should probably be connected to the management interface. This all seems doable in Xen with the current version.

I can successfully use pciback to hide the ethernet adapter from dom0 and configure it in the firewall domU. Is this considered a best practice? If so, how do I bridge/route the other IP to the second domU?

I am currently assuming I would want two bridges defined in the dom0, one for the public IPs and one for the private network. If this is the case, how should I go about creating the bridges in a dom0 that has no ethernet adapter? The private network's bridge would want to be accessible from dom0, the DMZ bridge definitely not.

Any thoughts would be greatly appreciated.

Darrin.
