WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] Ideal(istic) Xen firewall design

Marcus Brown wrote:

Option C-v3
===========
                              Internet
                                 |
                               eth1
           ______________________|_______________________
           |        _____________|_______________       |
           |        |        Firewall           |       |
Local eth0 =|========|       (Shorewall)         |=======|= eth2 DMZ (optional)
           |        |___________________________|       |
           |               eth4  |  eth5                |
           | ______________  | eth3  |  _______________ |
           | | Web Server |  |   |   |  | iPaq Server | |
           | |  (Apache2) |  |   |   |  | (Bluetooth) |=|= USB Host #1
           | |____________|  |   |   |  |_____________| |  (for BT Dongle)
           |          eth0 \ |   |   | / eth0           |
           | _______________\|   |   |/                 |
           | | Mail Server | |   |   |                  |
           | |  (Courier)  | |   |   |                  |
           | |_____________| |   |   |                  |
           |          eth0  \|   |   |                  |
           |                 |   |   |                  |
           |                br1  |  br2                 |
           |                 !  br0  !                  |
           |        _____________|_____________         |
           |        |                         |         |
           |        |          dom0           |         |
           |________|_________________________|_________|


Thanks for the hint, I was just compiling vlan support into dom0 when
your message arrived, so you've probably saved me from wandering
further into a pointless exercise! :)
I'll start playing with dummies instead! lol

I will soon try something similar, so I'll try to follow the thread. :-)

What exactly is a dummy interface (I have found some hints on its existence, but nothing detailed)? And can I configure it like a real interface in /etc/network/interfaces with "iface dummyX inet static ..."?

Regarding your drawing: Is the Firewall a xen guest system? And if yes, how did you transfer the real interfaces to it? If no, how is the firewall separated from dom0?

I am afraid to come up with unqualified questions, but I just started digging into complex networking schemes.

Thanks for any hint or help.

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users