
[Xen-users] Managed Firewall

Hi everyone,

Once I roll out my Xen VPS hosting solution, I wish to provide a "managed firewall" service to my customers. What I wish to do is to use my firewall (which will sit on the edge between the ISP WAN and my VMs' LAN) to filter traffic between the WAN and the LAN VMs (this is easy), as well as filter between the VMs.

Now, this "firewall" will actually be a "filtering bridge" as the VMs will be using public IPs, so the firewall's WAN and LAN interfaces will be bridged together. My question is, how can I "force" all traffic from each VM host to go back out via the firewall? Is it just a matter of using iptables/ebtables in the bridge in the Dom0 to make sure that the vifs can only communicate with the physical interface (which will be connected to the firewall)?

I think the hardest part will be to configure the switch in such a way that it doesn't route traffic directly to the destination VM.

The firewall will be using pfSense, by the way.

Any help or tips are very much appreciated.
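
The Dom0 restriction the post asks about (vifs may exchange frames only with the physical interface), sketched as an added example that is not part of the original post. The bridge name `xenbr0`, the uplink `eth0` and the function names are assumptions; the rules only stop direct vif-to-vif forwarding on one Dom0 bridge and do not cover the switch configuration mentioned above.

```shell
#!/bin/sh
# Added example: ebtables rules for a Xen Dom0 bridge so that guest vifs can
# only exchange frames with the physical uplink. All names are assumptions.
BRIDGE="${BRIDGE:-xenbr0}"       # assumed Xen bridge name
UPLINK="${UPLINK:-eth0}"         # assumed physical NIC facing the firewall
VIF_PREFIX="${VIF_PREFIX:-vif}"  # Xen names guest backends vif<domid>.<devid>

# Reject names that could smuggle extra options or shell syntax into a rule.
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]           # Linux interface names are at most 15 chars
}

# Print the rules. The ACCEPT rules are explicit so the intent survives a
# later change of the FORWARD policy; the DROP rule is the isolation itself.
isolation_rules() {
    br="$1"; up="$2"; vif="$3"
    for n in "$br" "$up" "$vif"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 1; }
    done
    # A trailing '+' makes ebtables match every interface with that prefix.
    echo "ebtables -A FORWARD --logical-in $br -i ${vif}+ -o $up -j ACCEPT"
    echo "ebtables -A FORWARD --logical-in $br -i $up -o ${vif}+ -j ACCEPT"
    echo "ebtables -A FORWARD --logical-in $br -i ${vif}+ -o ${vif}+ -j DROP"
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to load them.
install_isolation() {
    rules=$(isolation_rules "$BRIDGE" "$UPLINK" "$VIF_PREFIX") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

install_isolation
```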

