[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Firewall in domU, networking in XEN



=?ISO-8859-2?Q?S=B3awek_Kosowski?= wrote:

My question, as a XEN beginner: is this config quite feasible ?

Yes, very easy.

What should be improved ?

Nothing ?

Should I use bridged or routed mode in XEN ?

Bridged.

For the external interface you can do it two ways.
1) Use PCI passthrough to give the DomU firewall sole use of the NIC.
2) Create a bridge in Dom0 with the NIC attached - do not give Dom0 an address on this bridge.

Create two bridges - one each for DMS and internal networks.

When creating DomUs, give them VIFs on the bridges (ie networks) you want them to have access to. Give Dom0 IP address(es) on the bridge(s) you want it to be 'connected' to.

Don't use Xen network-script, use the host OS network tools to create the bridges. Much easier and more reliable - also works the same whether booting Xen or the host OS natively (eg when debugging or for maintenance).

BTW - you may also want a second NIC so that your internal network is available for other stuff (your own desktop/laptop, printers, etc) on the internal network.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.