
Re: [Xen-users] Direct network traffic to Mini-OS domU

Luca Giacomoni wrote:
> I created a domU in which Mini-OS (with lwip) is run. I need to direct all
> the outbound network traffic to Mini-OS.

Are you trying to use this Mini-OS guest as a firewall?
The easy way to do it is to create two bridges - let's call them brint and brext.

brext will have two attached devices - eth0 of the host, and eth0 of the
Mini-OS guest. The host does not need an IP address in this bridge if you don't
need it to directly access the outside world.

brint will have an IP address for the host, and eth1 of the Mini-OS guest. You 
configure the Mini-OS as a two-port firewall and do all the routing, NAT, 
filtering there.
For all your other guests, attach them only to brint, and set their default 
gateway to be the internal address of the Mini-OS guest. All their traffic now 
goes through the firewall.

As an alternative, instead of setting up brext, you could use PCI-passthrough 
to make eth0 of the host directly accessible to the guest. That way, external 
traffic doesn't go through the host at all - apart from the low level PCIback 
virtualisation code. This is the setup I ran at home for some time - it's now 
slightly different as I use PPPoE on the firewall virtual machine.

Xen-users mailing list
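
An added example, not part of the original message: a Python audit of the two-bridge layout described above. It reads xl-style guest configuration text and reports any guest other than the firewall that has a vif on a bridge other than brint, or a firewall guest missing one of its two legs. The file names, guest names and the `guest_bridges` and `audit` helpers are constructed for illustration.

```python
import re

# Constructed sample xl guest configs (file names and contents are illustrative).
CONFIGS = {
    "fw.cfg": 'name = "fw"\nvif = [ "bridge=brext", "bridge=brint" ]\n',
    "web.cfg": 'name = "web"\nvif = [ "bridge=brint" ]\n',
    "db.cfg": 'name = "db"\nvif = [ "mac=00:16:3e:00:00:02, bridge=brint" ]\n',
    "stray.cfg": 'name = "stray"\nvif = [ "bridge=brint", "bridge=brext" ]\n',
}

def guest_bridges(cfg_text):
    """Return (guest name, bridges named in its vif entries)."""
    name = re.search(r'^\s*name\s*=\s*["\']([^"\']+)["\']', cfg_text, re.M)
    vif = re.search(r'^\s*vif\s*=\s*\[(.*?)\]', cfg_text, re.M | re.S)
    bridges = []
    if vif:
        for spec in re.findall(r'["\']([^"\']*)["\']', vif.group(1)):
            pairs = (kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
            keys = {k.strip(): v.strip() for k, v in pairs}
            # A vif without bridge= uses the toolstack default; report it
            # as "<default>" so it is flagged rather than silently trusted.
            bridges.append(keys.get("bridge", "<default>"))
    return (name.group(1) if name else "<unnamed>"), bridges

def audit(configs, firewall="fw", internal="brint", external="brext"):
    """List every way the configs break the 'all traffic via firewall' rule."""
    findings, seen_fw = [], False
    for fname, text in sorted(configs.items()):
        guest, bridges = guest_bridges(text)
        if guest == firewall:
            seen_fw = True
            for need in (internal, external):
                if need not in bridges:
                    findings.append(f"{fname}: firewall {guest} is not attached to {need}")
        else:
            for b in bridges:
                if b != internal:
                    findings.append(f"{fname}: guest {guest} has a vif on {b}, bypassing {firewall}")
    if not seen_fw:
        findings.append(f"no config found for firewall guest {firewall}")
    return findings

if __name__ == "__main__":
    for line in audit(CONFIGS) or ["layout OK"]:
        print(line)
```

With the PCI-passthrough alternative the firewall guest has no vif on brext, so the `external` check applies only to the two-bridge variant.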


