
Re: [Xen-users] confused: How to put packetfilter into domU and isolate dom0 completely?



Hi,

Angel Lopez wrote:

>> give me the correct words to use in search engines? I've seen
>> pciback.hide for the dom0 kernel, but how can I make certain that the
>> filtering domU will get that card?

> I have done this. First, you have to know the PCI ID of the NIC, you can
> get this with the lspci command. Second, you have to tell the PCI ID to
> the kernel, you can indicate this with the pciback.hide parameter. Third,
> you assign the PCI ID to the VM with the pci parameter in the VM config
> file.

Thanks a lot, I somehow missed that part, that pci needed to be on its
own. I always tried to put it into the vif line.

> The hidden NIC doesn't appear in Dom0, you won't see it with ifconfig,
> and it will be available in the DomU that the NIC was assigned to.

Yes, I'm seeing that right now :)

> I only have a problem with this, if I hide eth3 from Dom0 and assign it to a
> DomU, I see the interface in the DomU as eth3 not as eth0... how can I
> rename it? with the "ip link set name" command?

I don't see that, however I just have a single NIC in the computer.
With these settings, I get:

vif = ['bridge=mybridge']
pci=['00:04.0']

eth0 is attached to mybridge
eth1 is the physical nic (physical server has only single nic)

If I set
vif = ['','bridge=mybridge']
pci=['00:04.0']

eth0 is unused
eth1 is attached to bridge
eth2 is the physical nic

Thus it seems the pci device is always set behind the defined vifs.

Thanks for your help, it seems this solution is much easier to handle
than multiple bridges!

Cheers

Carsten
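
The procedure quoted above (find the PCI ID with lspci, hide it with pciback.hide, assign it with pci= in the VM config) can be checked from dom0. The following is an added example, not part of the original thread: a shell script that reports whether a device is owned by pciback in dom0 and whether the kernel command line lists it. The sysfs driver name `pciback`, the second argument of `nic_state` (a sysfs root override) and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dom0-side check that a NIC is hidden.

# Expand "00:04.0" to the "0000:00:04.0" form used under /sys.
normalize_bdf() {
    case "$1" in
        ????:??:??.?) printf '%s\n' "$1" ;;
        ??:??.?)      printf '0000:%s\n' "$1" ;;
        *)            return 1 ;;
    esac
}

# Succeed if a kernel command line ($1) hides device $2 via pciback.hide.
cmdline_hides() {
    bdf=$(normalize_bdf "$2") || return 2
    short=${bdf#0000:}
    for word in $1; do
        case "$word" in
            pciback.hide=*"($bdf)"*|pciback.hide=*"($short)"*) return 0 ;;
        esac
    done
    return 1
}

# Print the dom0 view of device $1: hidden, exposed, unbound, absent, invalid.
# $2 is an assumed sysfs root override for testing (default /sys).
nic_state() {
    bdf=$(normalize_bdf "$1") || { echo invalid; return 0; }
    dev="${2:-/sys}/bus/pci/devices/$bdf"
    [ -e "$dev" ] || { echo absent; return 0; }
    [ -L "$dev/driver" ] || { echo unbound; return 0; }
    drv=$(basename "$(readlink "$dev/driver")")
    if [ "$drv" = pciback ]; then
        echo hidden     # owned by pciback: dom0 has no network driver on it
    else
        echo exposed    # a dom0 driver such as a NIC driver still owns it
    fi
}

# Usage (script name is hypothetical): sh check-hidden-nic.sh 00:04.0
if [ "$#" -gt 0 ]; then
    echo "sysfs: $(nic_state "$1")"
    if cmdline_hides "$(cat /proc/cmdline)" "$1"; then
        echo "cmdline: pciback.hide lists $1"
    else
        echo "cmdline: pciback.hide does not list $1"
    fi
fi
```

A result of `exposed` or `unbound` for a NIC that is meant to belong to the filtering domU means dom0 can still attach a driver to it, so the isolation is not yet in effect.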

