This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-users] Remote management of DomU

On Wed, Dec 21 '05 at 07:19, Alan Murrell wrote:
> > A quick thought is to do it via VPN.  Expose the Dom0 to the internal
> > network but use iptables to restrict virtually all traffic to the Dom0
> > and then allow only ssh coming off of an IPSec tunnel to be allowed to
> > go from the firewall to the Dom0 - John
> If Dom0 doesn't have a physical interface, how would I expose it to the 
> internal network?  Or are you suggesting I should add a 4th NIC?
Without going back into the archive, but I think no one has come up with

You can always give the bridge interface an IP, then you can use it from
Dom0 as if it were a regular interface.

I'm currently running a Xen3 amd64 server with three bridges:

- xenbr0: with the real eth0, and a vif from a firewall domU
- privbr: one vif from the firewall, and vifs from some domU. All
          interfaces on this bridge use 192.168.x.y IPs. This one also
          has an IP on its own, so the Dom0 can be accessed
- pubbr: one vif from the firewall, vifs from some domUs all with public

The firewall is doing routing between xenbr0 and pubbr. I'm also running
a VPN domU that allows me to access the network on privbr.

Works fine so far.
/"\ Goetz Bock at blacknet dot de  --  secure mobile Linux everNETting
\ /       (c) 2005 Creative Commons, Attribution-ShareAlike 2.0 de
 X   [ 1. Use descriptive subjects - 2. Edit a reply for brevity -  ]
/ \  [ 3. Reply to the list - 4. Read the archive *before* you post ]
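
Added example, not part of the message above and not Xen project code: a sketch of the two ideas in this thread combined, giving the bridge its own IP and having Dom0 accept only SSH from the VPN side. `privbr` is the bridge name from the post; every address is a constructed placeholder, and the VPN source is assumed to be the VPN domU's address on `privbr`. The script only prints the commands and an `iptables-restore` ruleset; it applies nothing.

```sh
#!/bin/sh
# Added example: prints configuration for review, changes nothing on the host.
# "privbr" comes from the post; all addresses below are constructed.

# Commands that give the bridge its own IP so Dom0 is reachable on it.
bridge_ip_cmds() {   # usage: bridge_ip_cmds BRIDGE DOM0_CIDR
    [ $# -eq 2 ] || { echo "usage: bridge_ip_cmds BRIDGE DOM0_CIDR" >&2; return 2; }
    printf 'ip addr add %s dev %s\n' "$2" "$1"
    printf 'ip link set %s up\n' "$1"
}

# Ruleset in iptables-restore format: Dom0 accepts new connections only for
# SSH, only on the management bridge, only from the VPN source address.
# FORWARD stays at ACCEPT: bridged domU frames can traverse that chain when
# bridge netfilter is enabled, so filtering there is a separate decision.
dom0_ruleset() {     # usage: dom0_ruleset BRIDGE DOM0_IP VPN_SRC
    [ $# -eq 3 ] || { echo "usage: dom0_ruleset BRIDGE DOM0_IP VPN_SRC" >&2; return 2; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $1 -s $3 -d $2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed values standing in for the 192.168.x.y addressing in the post.
BRIDGE=privbr
DOM0_IP=192.168.100.1        # Dom0's address on the bridge (placeholder)
VPN_SRC=192.168.100.250      # where VPN traffic arrives from (placeholder)

bridge_ip_cmds "$BRIDGE" "$DOM0_IP/24"
dom0_ruleset "$BRIDGE" "$DOM0_IP" "$VPN_SRC"
```

Review the printed ruleset from the Dom0 console before loading it with `iptables-restore`, since a wrong source address with an INPUT policy of DROP locks out remote SSH.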
