[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Managed Firewall

To: Xen-users@xxxxxxxxxxxxxxxxxxx
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Sat, 12 Jun 2010 18:28:02 +0100
Cc:
Delivery-date: Sat, 12 Jun 2010 10:29:18 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi everyone,

Once I roll out my Xen VPS hosting solution, I wish to provide a"managed firewall" service to my customers. What I wish to do is to usemy firewall (which will sit on the edge between the ISP WAN and my VM'sLAN) to filter traffic between the WAN and the LAN VMs (this is easy),as well as filter between the VMs.

Now, this "firewall" will actually be a "filtering bridge" as the VMswill be using public IPs, so the firewall's WAN and LAN interfaces willbe bridged together. My question is, how can I "force" all traffic fromeach VM host to go back out via the firewall? Is it just a matter ofusing iptables/ebtable in the bridge in the Dom0 to make sure that thevifs can only communicate with the physical interface (which will beconnected to the firewall) ?

I think the hardest part will be to configure the switch in such a waythat it doesn't route traffic directly to the destination VM.


The firewall will be using pfsense by the way.

Any help or tips is very much appreciated.

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Managed Firewall
  - From: Simon Hobson

Prev by Date: [Xen-users] DSN: failed ()
Next by Date: Re: [Xen-API] [XCP]: RC1 of XCP 0.5 available for testing
Previous by thread: [Xen-users] DSN: failed ()
Next by thread: Re: [Xen-users] Managed Firewall
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.