
[Xen-users] Firewall in domU, networking in XEN

  • To: xen-users@xxxxxxxxxxxxx
  • From: Sławek Kosowski <slawek.k_xl@xxxxx>
  • Date: Mon, 30 Apr 2012 11:00:48 +0200
  • Delivery-date: Mon, 30 Apr 2012 09:02:18 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

Hi all,

I want to run XEN on a dedicated server with the following structure:
dom0 as hypervisor.
domU1 as a gateway - firewall, DNS, OpenVPN and maybe DHCP server. Firewalling 
via Shorewall.
domU2 as an internal server with several services (Apache, MySQL available locally)
domU3 as DMZ with an external Apache server that can be queried from outside.

Users from the outside should connect to OpenVPN at domU1 and have access to 
the services on domU2.
Apache on domU3 will connect to MySQL at domU2 and present the data to the 
client. That should ensure better security in case domU3 is exposed.
domU1 should ensure firewalling the system, port forwarding 80 to domU3 and 
creating a NAT.
The physical machine will have one NIC with one public IP.

My question, as a XEN beginner: is this config quite feasible?
What should be improved?
Should I use bridged or routed mode in XEN?
I know that I have to enable the NIC at domU1 by adding pci and netif=1 parameters 
to the config.
I also found this link: http://www.shorewall.net/3.0/XenMyWay.html
In my case I have only one public IP and I don't have a wifi zone.
I don't want to assign a public IP to domU2, just forward the port.
Will assigning the public IP in domU2 improve scalability if we want to add 
more publicly available services?
Any recommended tutorials, howtos?

Slawek Kosowski
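
The layout described in the message above, written out as a default-deny flow table with a check of what each zone can reach. This is an added example, not part of the original post: the zone names (net, fw, vpn, loc, dmz), the ports 3306 (MySQL default) and 1194 (OpenVPN default), and the rule table itself are assumptions; only port 80 and the domU roles come from the message.

```python
# Added example: zone names, ports 3306 and 1194, and the rule table are
# assumptions for illustration; they are not taken from the post.
from collections import deque

# (source zone, destination zone, protocol, port) flows the gateway permits.
# Anything not listed is dropped (default deny).
ALLOW = {
    ("net", "fw",  "udp", 1194),  # outside users reach OpenVPN on domU1
    ("net", "dmz", "tcp", 80),    # port 80 forwarded to Apache on domU3
    ("dmz", "loc", "tcp", 3306),  # Apache on domU3 queries MySQL on domU2
    ("vpn", "loc", "tcp", 80),    # VPN users reach internal Apache on domU2
    ("vpn", "loc", "tcp", 3306),  # VPN users reach MySQL on domU2
}

def permitted(src, dst, proto, port, rules=ALLOW):
    """Default-deny decision for one new connection."""
    return (src, dst, proto, port) in rules

def direct(start, rules=ALLOW):
    """Services a zone may open connections to in a single hop."""
    return {(d, p, n) for s, d, p, n in rules if s == start}

def exposure(start, rules=ALLOW):
    """Services reachable from `start` if every zone reached along the way
    is assumed compromised and used as the next hop (worst case)."""
    seen, services, queue = {start}, set(), deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, proto, port in rules:
            if src != zone:
                continue
            services.add((dst, proto, port))
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return services

if __name__ == "__main__":
    for zone in ("net", "dmz", "vpn"):
        print(zone, "direct:    ", sorted(direct(zone)))
        print(zone, "worst case:", sorted(exposure(zone)))
```

With this table, a compromised domU3 can reach only MySQL on domU2, so the database account Apache uses there is the remaining control worth restricting.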
