Re: [Xen-users] Re: Network isolation - PCI passthrough question
On 20/12/2010 20:57, dave wrote:
> let's see if I understand, something like:
>
> domU (eth0) -> (PCI passthru) -> nic0
>
> this domU will be like an appliance firewall, eth0 which is directly
> configured to pci-dev nic0 is effectively the WAN interface of the domU
> firewall.
>
> other domU vms are on the LAN side of firewall, so you need a "virtual LAN"
>
> bridging to lo interface can be problematic. instead, from dom0,
> configure several 'tap' interfaces (see tunctl), and those can act as
> LAN interface of the firewall domU and the interfaces of all other domU
> vms. They can all be bridged together
>
> tunctl -t tap0
> tunctl -t tap1
> ...
> # then
> brctl addbr tap-br0
> brctl addif tap-br0 tap0
> brctl addif tap-br0 tap1
> ...
> then assign tap0 to firewall domU, tap1 to first domU vm ...
>
> is this what you're trying to accomplish?

Yes, it's more or less what I'm trying to do.

In an ideal world, I would like dom0 to be completely unaware of the domU network. But I realize I need it to be able to attach domU's nics to the bridge.

As far as I have seen, there is no way to attach a domU nic directly to my firewall domU.

So, dom0 will always have access to network traffic from domU, right?

Regards,
JB

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users