This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Binding a nic to an interface in domU

To: Richard Heycock <rgh@xxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Binding a nic to an interface in domU
From: Steven Howe <howe.steven@xxxxxxxxx>
Date: Mon, 05 Dec 2005 07:56:57 -0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 05 Dec 2005 17:59:52 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:subject:from:to:cc:in-reply-to:references:content-type:date:message-id:mime-version:x-mailer; b=lT1/9xXnsLgD4GeQlLeR597Hb10TejMRSvaqX8FbxbqEiKTSaL3m5ei7IgqvK9hkwYUz2MG7oNKygdOMy1UNJgyhi0L86NFNQDuecf+Oy8vTRqYtODY4KLGpVX2TCK3gsUl8yk7q5aIAEsMTnQ5xjkom3BUb3dZQ1qC0011WIRM=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1133783782.13701.7.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <1133783782.13701.7.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Seems like overkill. IPTABLES has filter properties on a per route and per device basis. Why not
just learn how to use IPTABLES first, then you wouldn't need three doms.


On Mon, 2005-12-05 at 22:56 +1100, Richard Heycock wrote:

I would like to set up a machine which has two domU vms so they can both
be used as firewall machines -- we are getting two different internet
connections and I want to firewall both of them using one machine.

What I would like to do is bind one interface in each of the domUs to
the nic and the second to a bridged device and then use iptables to
firewall each vm.

a) does anyone know if this is possible and b) does it sound like the
correct way to do this?!


Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>