My question, as a Xen beginner: is this config quite feasible?

Yes, very easy.

What should be improved?

Nothing?

Should I use bridged or routed mode in Xen?


For the external interface you can do it two ways.
1) Use PCI passthrough to give the DomU firewall sole use of the NIC.
2) Create a bridge in Dom0 with the NIC attached - do not give Dom0 an address on this bridge.

Create two bridges - one each for DMZ and internal networks.

When creating DomUs, give them VIFs on the bridges (i.e. networks) you want them to have access to. Give Dom0 IP address(es) on the bridge(s) you want it to be 'connected' to.

Don't use Xen network-script; use the host OS network tools to create the bridges. Much easier and more reliable - also works the same whether booting Xen or the host OS natively (e.g. when debugging or for maintenance).

BTW - you may also want a second NIC so that your internal network is available for other stuff (your own desktop/laptop, printers, etc) on the internal network.
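
The layout described in this reply, written out as an added example (not part of the original reply): three bridges built with the host OS tools, Dom0 addressed only on the internal one, and DomU VIFs attached per network. It assumes a Debian-style Dom0 using ifupdown with bridge-utils; `eth0`, `eth1`, the `xenbr-*` bridge names, the `.cfg` file names and all addresses are constructed for illustration.

```conf
# --- Dom0: /etc/network/interfaces (assumed Debian-style ifupdown + bridge-utils) ---

# External bridge: physical NIC attached, NO Dom0 address ("manual" assigns none).
# Caveat: the kernel still adds an IPv6 link-local address when the bridge comes
# up unless IPv6 is disabled on it (net.ipv6.conf.xenbr-ext.disable_ipv6=1).
auto xenbr-ext
iface xenbr-ext inet manual
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

# DMZ bridge: no physical port and no Dom0 address; only DomU VIFs attach here.
auto xenbr-dmz
iface xenbr-dmz inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

# Internal bridge: second NIC attached so desktops/printers share this network.
# This is the only bridge on which Dom0 itself is reachable.
auto xenbr-int
iface xenbr-int inet static
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
    address 192.168.10.2
    netmask 255.255.255.0
    # Constructed: the firewall DomU's address on the internal network.
    gateway 192.168.10.1

# --- DomU firewall: /etc/xen/firewall.cfg (network line only) ---
# One VIF per network; they appear in the guest in this order (eth0, eth1, eth2).
vif = [ 'bridge=xenbr-ext', 'bridge=xenbr-dmz', 'bridge=xenbr-int' ]

# --- DomU server in the DMZ: /etc/xen/web.cfg (network line only) ---
# A single VIF: this guest can only reach other networks through the firewall DomU.
vif = [ 'bridge=xenbr-dmz' ]
```

After boot, `ip addr show` in Dom0 should list an IPv4 address on `xenbr-int` only; an address on `xenbr-ext` or `xenbr-dmz` means Dom0 is exposed on a network it was meant to stay off.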

