WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

Re: [Xen-users] How to setup my Xen network?

To: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] How to setup my Xen network?
From: Lists <lists@xxxxxxxxxxxxx>
Date: Mon, 20 Oct 2008 13:31:00 +0000 (UTC)
In-reply-to: <27133572.1151224505500360.JavaMail.root@xxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
----- lists@xxxxxxxxxxxxx wrote:

> Hi all,
> 
> I have several servers I'd like to consolidate to Xen 3.2 and I am
> having a bit of trouble with firewalls and the best network
> environment to choose from.  I have read documentation here and there
> but I am a bit confused now and after some advice or specific
> documentation.
> 
> 1/ I'd like the following but have had problems getting it to work
> with a firewall on Dom0
> 
> 
>                                 |-> Dom1 (10.0.0.10) - Mail
> WAN <-----> eth0 Dom0 <---------|-> Dom2 (10.0.0.10) - Web
>         (87.98.252.205)         |-> Dom3 (10.0.0.10) - Web
> 
> Where Dom0 is the firewall and DomUs are natted.  Dom0 would have a
> web proxy to redirect http to the right server.  I tried getting this
> to work with shorewall but it's a no go.  Has someone managed this
> setup with a proper firewall in place?
> 
> 2/ Second option would be to use a bridge but I'm not sure the
> following would work
> 
>           |-> Dom0 87.98.252.205 - (Restricted)
>           |-> Dom1 98.12.113.200 - Mail
> WAN <-----|-> Dom2 99.130.15.200 - Web
>           |-> Dom3 85.99.120.113 - Web
> 
> Can I have a bridge with public IPs in completely different ranges?
> 
> 3/ Last but not least is a theory I found about putting the Dom1 as
> the firewall, locking out Dom0 for security reasons and have the whole
> environment natted.  If this would work for me, is there any
> documentation?  I see threads and attempts but no real documentation
> on how this is done.
> 
> Many thanks for any help you can provide.  Like I said, pointers to
> good documentation are more than welcome!
> --
> eco


I guess what I am asking for is advice on how to make 3 DomUs available to the 
internet through one physical interface with a minimum of risk.  I'd rather 
only use one public IP but I can have access to several more but in different 
ranges as shown above.

Any documentation explaining how to do this is welcome.

Thanks
--
eco
