
[Xen-users] Secure Xen networking help (route, ebtables, private network)


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Alexander Zherdev <azherdev@xxxxxxxxx>
  • Date: Sun, 24 Oct 2010 00:50:55 -0700 (PDT)
  • Delivery-date: Mon, 25 Oct 2010 09:15:18 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

I need some help to configure a secure network on my Xen server. I have been looking online and it seems I need a routed network. But I am having a terrible time implementing it.

My setup:

Xen 3.4.2
CentOS 5.5 Dom0
1 NIC (eth0)
All guests will be HVM

What I want to do is something similar to a firewall and port forwarding.

e.g.

DomU.1 has DHCP address of 10.0.0.50 (DHCP matches MAC to assign same address and simplifies in creating templates)
DomU.2 has DHCP address of 10.0.0.60 (DHCP matches MAC to assign same address and simplifies in creating templates)
etc.

Dom0 eth0 has public IP of 92.82.72.100 that forwards ports 22 + 80 + 443 to 10.0.0.50
Dom0 eth0 has public IP of 92.82.72.101 that forwards ports 21 + 22 + 80 + 443 to 10.0.0.60
etc.

I also need to prevent a DomU from: a) stealing other IPs and b) communicating with other private systems unless Dom0 says ok.
Right now, I do not need to have DomU on different physical servers sharing same network - what open vswitch provides - that's phase 2. But of course if it provides what I need above easily, then I'm for it.

What do I need? I know how to accomplish most of it using real hardware with firewalls, vlans, etc.

I am fairly new to Xen so please, if possible, provide examples.

Alexander Zherdev
azherdev@xxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
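The setup asked for above (per-guest public IP with port forwarding, no IP/MAC theft, no guest-to-guest traffic unless dom0 allows it), as an added example that is not part of the original post and not code shipped with Xen. It is a rule generator: it prints the dom0 iptables/ebtables commands so they can be reviewed before being piped to sh. The assumptions are labelled in the script and are not stated in the post: dom0 holds 10.0.0.1/24 on a host-only bridge named xenbr0 that is not attached to eth0 (a NAT layout rather than proxy-ARP routing, which gives the same isolation with less per-guest routing); each guest shows up in dom0 as vifN.0 (an HVM guest on the emulated NIC appears as tapN.0 under Xen 3.x, so substitute that name); a DHCP server in dom0 listens on xenbr0; and the guest MACs plus the one guest-to-guest allowance (10.0.0.50 to 10.0.0.60 port 3306) are constructed for the example. The iptables FORWARD rules only see bridged guest-to-guest traffic when net.bridge.bridge-nf-call-iptables is 1, which is why the layer-2 isolation is done in ebtables and the iptables rules are a second gate.

```shell
#!/bin/sh
# Added example (not from the original post or from Xen): prints the dom0
# rule set for a NAT'd, host-only Xen guest network.  Review, then:  sh gen_xen_rules.sh | sh
# Assumptions (not in the post): dom0 has 10.0.0.1/24 on host-only bridge xenbr0,
# guests are vifN.0 in dom0 (tapN.0 for HVM on the emulated NIC under Xen 3.x),
# a DHCP server in dom0 listens on xenbr0.

PUB_IF=eth0
PRIV_BR=xenbr0

# Constructed guest table: dom0 interface, guest MAC, private IP, public IP,
# TCP ports forwarded from that public IP.  IPs and ports are from the post; MACs are made up.
GUESTS='
vif1.0 00:16:3e:00:00:50 10.0.0.50 92.82.72.100 22,80,443
vif2.0 00:16:3e:00:00:60 10.0.0.60 92.82.72.101 21,22,80,443
'
# Constructed list of guest-to-guest TCP flows dom0 approves: src vif, dst vif, src IP, dst IP, port.
ALLOW='
vif1.0 vif2.0 10.0.0.50 10.0.0.60 3306
'

gen_base() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# gen_guest VIF MAC PRIV PUB PORTS
gen_guest() {
  vif=$1 mac=$2 priv=$3 pub=$4 ports=$5
  # a) pin the port to one MAC and one IP, both for frames to dom0 (INPUT) and to other ports (FORWARD)
  for chain in INPUT FORWARD; do
    echo "ebtables -A $chain -i $vif -s ! $mac -j DROP"
    echo "ebtables -A $chain -i $vif -p ARP --arp-mac-src ! $mac -j DROP"
    echo "ebtables -A $chain -i $vif -p ARP --arp-ip-src ! $priv -j DROP"
    # DHCP DISCOVER/REQUEST leave the guest with source 0.0.0.0; allow only that before the IP lock
    echo "ebtables -A $chain -i $vif -p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-dport 67 -j ACCEPT"
    echo "ebtables -A $chain -i $vif -p IPv4 --ip-src ! $priv -j DROP"
  done
  # egress: the guest leaves as its own public address
  echo "iptables -t nat -A POSTROUTING -s $priv -o $PUB_IF -j SNAT --to-source $pub"
  echo "iptables -A FORWARD -i $PRIV_BR -o $PUB_IF -s $priv -j ACCEPT"
  # ingress: only the listed ports are DNAT'd and let through FORWARD
  old_ifs=$IFS; IFS=,; set -- $ports; IFS=$old_ifs
  for p in "$@"; do
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $pub -p tcp --dport $p -j DNAT --to-destination $priv"
    echo "iptables -A FORWARD -i $PUB_IF -o $PRIV_BR -d $priv -p tcp --dport $p -m state --state NEW -j ACCEPT"
  done
}

# gen_allow SRC_VIF DST_VIF SRC_IP DST_IP PORT: one dom0-approved guest-to-guest TCP flow
gen_allow() {
  echo "ebtables -A FORWARD -i $1 -o $2 -j ACCEPT"
  echo "ebtables -A FORWARD -i $2 -o $1 -j ACCEPT"   # ebtables is stateless: replies need a rule too
  echo "iptables -A FORWARD -i $PRIV_BR -o $PRIV_BR -s $3 -d $4 -p tcp --dport $5 -m state --state NEW -j ACCEPT"
}

gen_all() {
  gen_base
  printf '%s\n' "$GUESTS" | while read -r vif mac priv pub ports; do
    [ -n "$vif" ] || continue
    gen_guest "$vif" "$mac" "$priv" "$pub" "$ports"
  done
  printf '%s\n' "$ALLOW" | while read -r a b c d e; do
    [ -n "$a" ] || continue
    gen_allow "$a" "$b" "$c" "$d" "$e"
  done
  # b) everything else between guests is dropped at layer 2; appended last so the allows win
  echo "ebtables -A FORWARD -i vif+ -o vif+ -j DROP"
}

gen_all
```

The order matters: the per-port ebtables locks and the explicit allowances are appended before the catch-all guest-to-guest DROP, and the DHCP ACCEPT sits before the IP lock so a freshly booted guest can still obtain its lease. Because the layer-2 rules key on the dom0-side interface name rather than on anything the guest sends, a guest that changes its MAC or IP simply loses connectivity instead of hijacking a neighbour's address.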
