[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] firewall in domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Joost Roeleveld <joost@xxxxxxxxxxxx>
Date: Thu, 25 Aug 2011 18:24:34 +0200
Delivery-date: Thu, 25 Aug 2011 09:28:11 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Thursday, August 25, 2011 07:34:36 AM Tamás Pisch wrote:
> Hi,
> 
> I use Xen on two Debian server now. On one, I'm going to install a
> router/firewall in a domU (dedicated for this task). It seems, the best
> would be to hide the wan interface from dom0 with pci passthrough.
> Unfortunately, the two servers aren't identical. The older doesn't have vt-d
> support, but I have to install the firewall on it, because the newer has
> bigger load now.
> My question is: how can I use software pci passthrough?

As Simon mentioned, you don't need vt-d to pass a network card through. 
(provided the card plays nice)

I have had some NICs that didn't allow this and as long as you don't give the 
WAN-network card an IP, it should not be possible to access the host directly.

--
Joost

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] firewall in domU
  - From: TamÃs Pisch

Prev by Date: [Xen-users] Problem of modifying grub to boot kernel
Next by Date: Re: [Xen-users] preferred XEN dom0 OS
Previous by thread: Re: [Xen-users] firewall in domU
Next by thread: [Xen-users] OT: Staging startups for dependent machines
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.