Re: [Xen-users] Firewalling Xen?
Hi!

I set up my servers this way and prefer it as the most flexible solution for me.

Dom0 (no firewall, firewalled externally by ISP's firewall) - independent host machine, no special setup for easy replacement if it fails
DomU1 (dedicated shorewall firewall machine doing NAT, load balancing, proxying etc. for other DomUs in virtual LAN)
DomU'sX (all inside LAN, behind DomU1 firewall)
DomU'sY (proxyarped in DMZ zone, look like standalone machines from the internet)

So everything is bridged (NET, LAN, DMZ bridges).

Very flexible, I can replace any component and my DomUs are not bound to Dom0. I can move DomUs easily within my Dom0s.

andris

Stephen Liu wrote:

--- Grant McWilliams <grantmasterflash@xxxxxxxxx> wrote:

Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use Windows." Now they have two problems.

On Tue, Dec 16, 2008 at 9:01 AM, Thomas Goirand <thomas@xxxxxxxxxx> wrote:

lists@xxxxxxxxxxxxx wrote:

I'm wondering how to set up a firewall for Dom0 when all traffic for the DomUs goes 'through' it.

Hi,

as we do commercial VPS hosting with xen and our own open source management interface, we have designed a small anti-DoS firewall to set up in your dom0. It does nothing spectacular, but it helps against ssh dictionary attacks, and other very common flood types that might hurt your server: ping, syn, etc.

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen.init;h=5e4df2e46e3a872a2d73ada77e24e8bb242f8b6b;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa

I'd be happy to have contributions to this small script, which is by the way very simple to extend (just add a few functions for yourself and share, then anybody can enable/disable them with ease).

Thomas

Don't you mean this ;-)

http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen-firewall.init;h=16139921d6efd6fc2e407f7d80b11fae97befdf9;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa

A bit off topic, but can dtc-xen control its users in a way that you can assign an admin per VM? What I'm looking for is to have each student manage his and only his domU.

Grant McWilliams

Hi folks,

Just came across this thread.

The setup of the Xen box here is as follows:

Dom0 - a workstation for remote setup/config DomU
DomU1 - mail server for routing (headless)
DomU2 - mail server for domain1 (headless)
DomU3 - mail server for domain2 (headless)
DomU4 - mail server for domain3 (headless)
etc.

Firewall is only running on domU1. I'm running virtual domains, with all domains pointing at the same public IP (one public IP). All ports on the router are forwarded to the local IP of DomU1.

Do I need to have a firewall installed on each DomU?

TIA

B.R.
Stephen L

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users