[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Best practice for firewall in domU



Hi Darrin,

On Monday 02 October 2006 11:09, Darrin Wortlehock wrote:
> I am currently assuming I would want two bridges defined in the dom0,
> one for the public IP's and one for the private network.  If this is
> the case, how should I go about creating the bridges in a dom0 that
> has no ethernet adapter? The private network's bridge would want to
> be accessible from dom0, the DMZ bridge definitely not.

Create the necessary additional interfaces/bridges in Dom0 using the dummy 
interface, then export them to the firewall DomU.  The firewall DomU will see 
them as network interfaces.

When you create the other DomU's, attach them to the appropriate bridges.

You can put all your DomUs on private IPs and use port forwarding on the 
firewall DomU.  The firewall DomU can then have both of your real IPs on the 
eth0 interface.

I hope this helps?  I am running a similar setup, and can provide some further 
assistance if you need it, though a lot of the information is on the lists as 
well.  My assistance would be Debian-specific, however,as that is what I am 
running on my Dom0.

-Alan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.