Re: [Xen-users] Firewall in domU, networking in XEN

hi slawek,

1 comment only so far, until u begin u should know what u want. all wished 
features can be set up by xen, no probs but dhcp firewall ... with 1 nic ...

that sounds really messy

not xen is here the nut, the overall concept!

u want all services and all security with minimal hardware (nic).

in Switzerland we say: u can have the bread and the 5p at the same time :)

thanks walter

On 30.04.2012, at 11:00, Sławek Kosowski <slawek.k_xl@xxxxx> wrote:

> Hi all,
> I want to run XEN on a dedicated server with following structure:
> dom0 as hypervisor.
> domU1 as a gateway - firewall, DNS, openVPN and maybe DHCP server. 
> Firewalling via Shorewall.
> domU2 as internal server with several services (Apache, MySQL available 
> locally)
> domU3 as DMZ with external Apache server that can be queried from external.
> users from the outside should connect to OpenVPN at domU1 and have an access 
> to the services on domU2. 
> Apache on domU3 will connect to MySQL at domU2 and present the data to the 
> client. That should ensure better security in case when domU3 is exposed.
> domU1 should ensure firewalling the system, port forwarding 80 to domU3 and 
> creating a NAT. 
> The physical machine will have one NIC with one public IP.
> My question, as a XEN beginner: is this config quite feasible?
> What should be improved?
> Should I use bridged or routed mode in XEN?
> I know that I have to enable NIC at domU1 by adding pci and netif=1 
> parameters to the config.
> I also found this link: http://www.shorewall.net/3.0/XenMyWay.html
> In my case I have only one public IP and I don't have wifi zone. 
> I don't want to assign public IP to the domU2, just forward the port. 
> Will assigning the public IP in domU2 improve scalability if we want to add 
> more public-available services?
> Any recommended tutorials, howtos?
> Thanks
> Slawek Kosowski
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxx
> http://lists.xen.org/xen-users
