This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-users] Remote management of DomU

On Fri, 2005-12-23 at 08:55 +0100, Goetz Bock wrote:
> On Wed, Dec 21 '05 at 07:19, Alan Murrell wrote:
> You can always give the bridge interface an IP, then you can use it from
> Dom0 like if it was a regular interface.
> I'm currently running a Xen3 amd64 server with three bridges:
> - xenbr0: with the real eth0, and a vif from a firewall domU
> - privbr: one vif from the firewall, and vifs from some domU. All
>           interfaces on this bridge use 192.168.x.y IPs. this one also
>           has an IP on its own, so the Dom0 can be accessed
> - pubbr: one vif from the firewall, vifs from some domUs all with public
>          IPs. 
> The firewall is doing routing between xenbr0 and pubbr. I'm also running
> a VPN domU that allows me to access the network on privbr.
> Works fine so far.
Just as a suggestion, I always cringe to put any device other than a
firewall directly on the Internet with public IPs, especially a domU, just
in case someone, somewhere, someday figures out how to crack into the
other domUs or dom0 from a compromised domU.

I would generally put the public servers on yet one more bridge as a DMZ
with private addresses and protect them via the firewall so that only
needed services are allowed - John
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880

If you would like to participate in the development of an open source
enterprise class network security management system, please visit

Xen-users mailing list
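
Added example, not part of the original thread: a small audit that models the two bridge layouts discussed above and reports every guest other than the firewall that holds a public address or shares a bridge with the physical NIC. The domain names (`fw`, `web`, `mail`, `db`), the `dmzbr` bridge name and all addresses are constructed assumptions; 203.0.113.0/24 stands in for the public range.

```python
import ipaddress

# RFC 1918 private ranges; anything outside them is treated as public here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit(vifs, firewalls, uplinks):
    """vifs: iterable of (bridge, domain, ip) tuples.
    Returns sorted (domain, bridge, reason) findings for exposed guests."""
    findings = set()
    for bridge, domain, ip in vifs:
        if domain in firewalls:
            continue  # the firewall is the one guest expected to face outward
        if bridge in uplinks:
            findings.add((domain, bridge, "shares bridge with physical NIC"))
        if not is_rfc1918(ip):
            findings.add((domain, bridge, "holds public address " + ip))
    return sorted(findings)

# Constructed sample data (hypothetical names and addresses).
# ROUTED_PUBLIC: three bridges, guests on pubbr carry public IPs.
# DMZ_PRIVATE: same hosts, but the public servers sit on a privately
# addressed DMZ bridge behind the firewall.
FIREWALLS = {"fw"}
UPLINKS = {"xenbr0"}  # bridge that carries the real eth0

ROUTED_PUBLIC = [
    ("xenbr0", "fw", "203.0.113.1"),
    ("privbr", "fw", "192.168.10.1"),
    ("privbr", "dom0", "192.168.10.2"),
    ("privbr", "db", "192.168.10.20"),
    ("pubbr", "fw", "203.0.113.9"),
    ("pubbr", "web", "203.0.113.10"),
    ("pubbr", "mail", "203.0.113.11"),
]

DMZ_PRIVATE = ROUTED_PUBLIC[:4] + [
    ("dmzbr", "fw", "192.168.20.1"),
    ("dmzbr", "web", "192.168.20.10"),
    ("dmzbr", "mail", "192.168.20.11"),
]

if __name__ == "__main__":
    for name, layout in (("routed", ROUTED_PUBLIC), ("dmz", DMZ_PRIVATE)):
        print(name, audit(layout, FIREWALLS, UPLINKS))
```
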
