Re: [Xen-users] Network Interface Problems for DomU Firewall
On Friday 31 July 2009, Tom Jensen wrote:
> [snip]
>
> As I mentioned before, my ultimate goal is to configure a standard three
> interface firewall within the DomU. Most of the information I have found
> on the subject suggests the most secure way to accomplish this is to
> dedicate the interface connected to the Internet to the DomU using PCI
> passthrough. The other two interfaces (DMZ & LAN) would be virtual
> interfaces bridged to the Dom0. I am open to other concepts for creating
> a firewall DomU if anyone cares to share their configurations.

How about having the firewall inside dom0? If it hasn't more to do than routing/firewalling I think a separate domU is a bit blown.

You could replace /etc/xen/scripts/network-bridge with a dummy script (always exit 0, no interface renaming), create simple bridges, e.g. brnet (bridge interfaces eth0), brlan/brdmz (no bridge interfaces, no IP) and add the domU vifs to these bridges. You could now firewall inside the bridges.

Have a look at http://www.shorewall.net/manpages/shorewall-hosts.html if you use it. Works fine.

Christian

>
> > --
> > Fajar
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

--
"Without music to decorate it, time is just a bunch of boring production deadlines or dates by which bills must be paid."
--- Frank Vincent Zappa
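The bridge layout described in the reply above, sketched as an added example that is not part of the original post or of the Xen scripts. It assumes eth0 is the Internet-facing NIC and that bridge-utils (`brctl`) and iproute2 are installed in dom0; the function names are hypothetical, and it only prints the commands unless `APPLY=1` is set and it runs as root.

```shell
#!/bin/sh
# Added illustration of the dom0 bridge layout from the reply; dry-run by default.
# Assumption (not from the post): brctl and ip are available in dom0.

WAN_IF="${WAN_IF:-eth0}"   # Internet-facing NIC, eth0 as in the reply

# Contents for the replacement /etc/xen/scripts/network-bridge: always exit 0,
# so xend neither renames interfaces nor builds its own bridge.
dummy_network_bridge() {
    printf '%s\n' '#!/bin/sh' 'exit 0'
}

# Print the commands that build the three bridges.
# brnet enslaves the physical NIC; brlan and brdmz get no physical port and
# no IP address, so only domU vifs are ever attached to them.
plan_bridges() {
    for br in brnet brlan brdmz; do
        echo "brctl addbr $br"
        echo "ip link set dev $br up"
    done
    echo "brctl addif brnet $WAN_IF"
    echo "ip link set dev $WAN_IF up"
}

# vif line for a domU config file, attaching the guest to one of the bridges.
domu_vif_line() {
    printf "vif = [ 'bridge=%s' ]\n" "$1"
}

# Execute the plan only when APPLY=1 and running as root; otherwise show it.
main() {
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
        plan_bridges | while read -r cmd; do $cmd || exit 1; done
    else
        plan_bridges
    fi
}

main
```

With the bridges in place, dom0 sees every frame that crosses brnet, brlan and brdmz, which is what lets the filtering rules live in dom0 rather than in a separate domU.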