Xen project Mailing List

Re: [Xen-users] firewall domU

To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>

From: "Grant McWilliams" <grantmasterflash@xxxxxxxxx>

Date: Thu, 18 Dec 2008 11:48:06 -0800

Delivery-date: Thu, 18 Dec 2008 11:52:51 -0800

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=uPrkFRrve0pOOOt8TkHUICdG9umg0EbXYIEALsOQK3Clr7/naLWSL7nwY4mcbx6hmT IMvU33eK0kvGW3iGcOzBFaiRQzqdHLotoJ5Zf8KgY5TR5tgth3NcTq53fy6yiZ8bSLfI evdcs72y/30XUubhbqSgpHv8JX8nwhRNiDVgs=

List-id: Xen user discussion <xen-users.lists.xensource.com>

On Thu, Dec 18, 2008 at 8:23 AM, Maximilian W. Zeller <mawize@xxxxxxxxx> wrote:

We would like to implement following scenario .. please look at the png attachment

Main Question:
how do i set up a domU firewall/router with one interface bridged to the internet and interfaces connected to other domUs? do we even need an interface for each connected domU?

thanks in advance
merry xmas

Max

Max,
Why would you want two firewalls protecting your internal network? Anyway it seems you'd want to do this if you keep both firewalls. Have both DomU firewalls connect to the standard eth0 bridge just as you have it now. Each DomU firewall will have a second vif. Create two more bridges - br0 and br1 (name them has you like) and specify the appropriate bridge in the www DomUs and email DomUs config files. You'll also need to specify that the second interfaces on the DomU firewalls reside on the appropriate bridges.

Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.

Attachment: idea2.png
Description: PNG image

_______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

References:

[Xen-users] firewall domU
- From: Maximilian W. Zeller