[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] firewall in domU

On Thursday, August 25, 2011 07:34:36 AM Tamás Pisch wrote:
> Hi,
> I use Xen on two Debian server now. On one, I'm going to install a
> router/firewall in a domU (dedicated for this task). It seems, the best
> would be to hide the wan interface from dom0 with pci passthrough.
> Unfortunately, the two servers aren't identical. The older doesn't have vt-d
> support, but I have to install the firewall on it, because the newer has
> bigger load now.
> My question is: how can I use software pci passthrough?

As Simon mentioned, you don't need vt-d to pass a network card through. 
(provided the card plays nice)

I have had some NICs that didn't allow this and as long as you don't give the 
WAN-network card an IP, it should not be possible to access the host directly.


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.