[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] How to setup my Xen network?

To: lists@xxxxxxxxxxxxx
From: Mike Wright <mike.wright@xxxxxxxxxxxxxx>
Date: Mon, 20 Oct 2008 13:49:39 -0700
Cc: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 20 Oct 2008 13:50:25 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

lists@xxxxxxxxxxxxx wrote:

Hi all,

I have several servers I'd like to consolidate to Xen 3.2 and I am having a bit 
of trouble with firewalls and the best network environment to chose from.  I 
have read documentation here and there but I am a bit confused now and after 
some advice or specific documentation.

1/ I'd like the following but have had problems getting ut to work with a 
firewall on Dom0


                                |-> Dom1 (10.0.0.10) - Mail
WAN <-----> eth0 Dom0 <---------|-> Dom2 (10.0.0.10) - Web
        (87.98.252.205)         |-> Dom3 (10.0.0.10) - Web

Where Dom0 is the firewall and DomUs are natted.  Dom0 would have a web proxy 
to redirect http to the right server.  I tried getting this to work with 
shorewall but it's a no go.  Has someone managed this setup with a proper 
firewall in place?

2/ Second option would be to use a bridge but I'm not sure the following would 
work

          |-> Dom0 87.98.252.205 - (Restricted)
          |-> Dom1 98.12.113.200 - Mail
WAN <-----|-> Dom2 99.130.15.200 - Web
          |-> Dom3 85.99.120.113 - Web

Can I have a bridge with public IPs in completely different ranges?

3/ Last but not least is a theory I found about putting the Dom1 as the 
firewall, locking out Dom0 for security reason and have the whole environment 
natted.  If this would work for me, is there any documentation?  I see threads 
and attempts but no real documentation on how this is done.

Many thanks for any help you can provide.  Like I said, pointers to good 
documentation is more than welcome!


Hi, eco!

Here is a link to a setup I built back in '06. I don't claim that it's*good* documentation.


  http://www.hostisimo.com/xen-howto.html

It uses xen-3.0.2 so some things have certainly changed but this mayserve as a basis for your efforts.

Because it is in a controlled access environment and at times I need tohang physical boxes onto the various bridges I used three physical NICs.In your case you would only need the WAN to be physical; the DMZ woulduse a tap device for the bridge.


Chop off what you don't need and use what you do.

I hope you have as much fun as I did getting all the pieces to worktogether.

nb: this doc resides on a low bandwith adsl connection so access may notbe too zippy.


hth,
Mike Wright :m)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] How to setup my Xen network?
  - From: lists

Prev by Date: RE: [Xen-users] Shared SAN disk LUN between 2 servers and migrationproblem
Next by Date: [Xen-users] virt-install config file
Previous by thread: Re: [Xen-users] How to setup my Xen network?
Next by thread: Re: [Xen-users] How to setup my Xen network?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.