|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Re: Network isolation - PCI passthrough question
Le 20/12/2010 15:47, Mike Fröhner a écrit : > Am 20.12.2010 15:08, schrieb Jean Baptiste FAVRE: >> Hello, >> I thinking about using PCI passthrough to dedicated a domU as firewall. >> >> I understand PCI passthrough concept. When done, my domU will see >> network card and the dom0 won't any more. So I'll be able to filter all >> trafic from outside, since it will go through network domU. >> >> Then, how will I be able to connect other domU (and maybe dom0) to the >> network domU ? >> >> In a normal way, creating domU makes dom0 creating vif interfaces and >> bridge (in my configuration) it. But once netowkr will be isolated in a >> specific domU, dom0 won't be able to interact with it, will it ? > > How many network cards do you have in this computer? I think you'll need > minimal 2 nics. One for dom0 and domU (vif) to communicate and one for > PCI passthrough. As you understood right, dom0 won't see the PCI > passthrought nic. >> >> Any link/help/explanation appreciated. >> >> Regards, >> JB Hello, For now, I have 2 nics within a bond interface. What I would like to achieve is to have a dedicated domU acting as firewall for all other domU like in Qubes-os project (http://qubes-os.org/Home.html). That means, I want to passthrough both nics to one domU called "netDomU" and connect all "regular" domU networks to "netDomU". But since dom0 won't see any network card, how can I create vif interfaces ? But maybe PCI passthrough won't be the solution for that purpose ? Regards, JB _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |