This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] advanced bridging...

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] advanced bridging...
From: Geert Janssens <info@xxxxxxxxxxxx>
Date: Thu, 10 May 2007 10:17:05 +0200
Delivery-date: Thu, 10 May 2007 01:15:38 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <200705051618.37456.janssens-geert@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Kobalt W.I.T.
References: <4639EC7F.30103@xxxxxxxxx> <4639FE29.9060709@xxxxxxxxxxxx> <200705051618.37456.janssens-geert@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.4
Sorry for this double post. It was sent from the wrong e-mail address, which I 
realised just too late. You can ignore it and comment on the original post if 
you like instead.

Again, sorry.


On Saturday 5 May 2007 16:18, Geert Janssens wrote:
> Hi Marc,
> I have seen two network diagrams of you passing in the thread already and
> they both helped me understand the Xen networking a lot better.
> The first diagram explained how to setup a Xen system with 1 physical NIC,
> where one domU acts as a firewall for the other domU's. In this scenario,
> dom0 is connected to the bridge that links to the unsafe net (the "outside"
> network for the domU firewall).
> The second diagram explained who to setup a Xen system with 2 physical
> NICs, dom0 acts as a firewall between the two NICs. It is setup with two
> bridges, one that connects the internet side of the virtual network (first
> physical NIC and first virtual NIC) and one that connects the LAN side of
> the virtual network (seconf physical NIC for the rest of the LAN, second
> virtual NIC for dom0 and virtual NICs for the different domU's).
> Unfortunatly, what I am trying to achieve is yet another slight variation.
> See the attached image.
> I would like to setup a system with two physical NICs (peth0 and peth1),
> where the firewall runs in domU.
> For that I would like to setup two xen bridges.
> The first is on the LAN side, and is a typical Xen bridge: one physical
> NIC, a virtual NIC for dom0 and one for domU.
> The second would be on the internet side, but it should NOT have a virtual
> NIC for dom0, only for domU. The idea is that dom0 should not be accessible
> from the internet, only from the LAN.
> Is such a setup possible ? And if yes, how ?
> Thank you.
> Geert Janssens
> P.S. in an earlier attempt I tried to eliminate the second bridge
> altogether by assigning peth1 directly to the domU with PCI back.
> Unfortunatly, I can't seem to get PCI back working correctly on my system,
> so I'd like to try this alternative approach.

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>