RE: [Xen-users] Xen 3.2 Setup advice pretty please
-----Original Message-----
From: edoardo@xxxxxxxxxxxxx [mailto:edoardo@xxxxxxxxxxxxx] On Behalf Of lists@xxxxxxxxxxxxx
Sent: Tuesday, October 21, 2008 12:58
To: Dustin Henning
Subject: Re: [Xen-users] Xen 3.2 Setup advice pretty please

----- "Dustin Henning" <Dustin.Henning@xxxxxxxxxxx> wrote:

> If you are using bridging and the connection to eth0 already supports
> all of these addresses, you should simply assign one address to each
> domU directly. There is an ip= switch for the vif line in PV domUs,
> but I believe it is not for bridging. That said, I think you want to
> remove the aliases and the IPs from dom0 and manually configure the
> eth0 in each domU just as you would a normal machine (with an IP,
> netmask, gateway, etc). If the IPs can be used from dom0 and bridging
> is working properly, this should allow them to be used exclusively
> from their respective domUs.
> Dustin
>
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Lists
> Sent: Tuesday, October 21, 2008 12:24
> To: xen-users
> Subject: [Xen-users] Xen 3.2 Setup advice pretty please
>
> Hi all,
>
> I have been trying various failing solutions so I turn to the gurus
> for guidance in times of trouble.
>
> I have a Xen 3.2-1 server running on a Debian etch
> (2.6.18-6-xen-vserver-686) in a remote data centre.
> I also have 5 public IPs in different ranges and only one NIC.
>
> What I want to do is simple. Have the applications running on my
> DomUs available to the internet.
>
> Dom0 - Web proxy for routing to the correct Dom(2/3).
> Dom1 - Mail
> Dom2 - Web
> Dom3 - Web
>
> I'd like it as secure as possible.
>
> I tried using IP aliasing on my NIC + bridge but that didn't work.
> I tried nat but I can't seem to get the firewall to work properly.
>
> In short:
>
>                    |-> Dom0
> WAN <---> eth0 <---|-> Dom1
> 91.111.100.50      |-> Dom2
> 100.10.121.30      |-> Dom3
> 98.66.100.125
> 96.130.120.14
> 95.85.140.121
>
> If anyone has any advice at all, I'd greatly appreciate it. I'm at a
> loss.
>
> Thanks
> --
> eco
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

Thanks Dustin,

I'll give that a go and report how I do. Does that mean the bridge can support IPs that are not clustered into one specific range (98.121.150.XXX)?

--
Eco

I believe the bridge is basically a virtual layer 2 switch. As such, it has no knowledge of layer 3 (IP in this case). That said, and after re-reading your post, it is worth mentioning that most people feel that running applications on dom0 is inherently insecure. I don't know what your web proxy does, but if it reroutes traffic based on subdomains, you should just set the subdomains to point at the proper domU IPs at your DNS server/service. On the other hand, if it does something more than that, it should (based on this security theory) be in a separate domU itself. Finally, also regarding security, you should probably run a firewall on each domU if you aren't already, as they will be exposed directly to the internet (unless they are behind a hardware firewall).

Dustin
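
The advice that closes the thread, a firewall on each domU that is exposed directly to the internet, as an added example that is not part of the original messages: a default-deny inbound ruleset in iptables-restore format. The function name `domu_ruleset` and the ports per role (25 for mail, 80 and 443 for web) are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Run inside each domU, not in dom0.
# Assumed ports per role: mail domU 25; web domUs 80 and 443.

# domu_ruleset PORT...
# Print an iptables-restore ruleset: inbound default deny, allowing only
# loopback, replies to established flows, and new TCP connections to PORTs.
domu_ruleset() {
    # Validate every port before printing anything, so a typo can never
    # leave a half-written ruleset on stdout.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Demo: ruleset for a web domU. To load it, pipe into iptables-restore as
# root. Port 22 is deliberately absent; add it if you administer the domU
# over SSH (xm console from dom0 works without it).
domu_ruleset 80 443
```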