This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Remote management of DomU

On Thu, 2005-12-15 at 23:33 -0800, Alan Murrell wrote:
> I currently have a Xen host server setup with three nics:
>   eth0 -> hidden from Dom0 and assigned to my firewall domU
>   eth1 -> assigned the the bridge br-lan0, which is then exported to the 
> firewall domU for my LAN (handles both domUs and real machines on the LAN 
> subnet)
>   eth2 -> assigned to the bridge br-dmz0, which is then exported to the 
> firewall domU for my DMZ (handles both domUs and real machines on the DMZ 
> subnet)
> My problem is this: I would like to be able to log into my Dom0 remotely, but 
> do not want to put a 4th NIC in place to accomplish this; I'd rather do 
> something like log into my firewall domU then from there SSH into Dom0, OR 
> SSH to a different port and have the firewall domU port forward to the Dom0
> I was thinking I may be able to accomplish this by using a dummy interface on 
> both the Dom0 and the domU firewall that are tied together, but wasn't sure 
> about how to configure this?  Would I give the dummy interface on the Dom0 an 
> IP address then create a dummy interface on the firewall domU on the same 
> subnet and put appropriate routing rulesin place? (I use Shorewall)  Or is 
> there a better way to accomplish this?
> Thanks, in advance, for your advice.
A quick thought is to do it via VPN.  Expose the Dom0 to the internal
network but use iptables to restrict virtually all traffic to the Dom0
and then allow only ssh coming off of an IPSec tunnel to be allowed to
go from the firewall to the Dom0 - John
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880

If you would like to participate in the development of an open source
enterprise class network security management system, please visit

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>