Re: [Xen-users] Firewalling Xen?
I set up my servers this way and prefer it as most flexible solution for me.
Dom0 (no firewall, firewalled externaly by ISP's firewall) - independent
host machine, no special setup for easy replacement if fails
DomU1 (Dedicated shorewall firewall machine doing nat, load balancing,
proxying etc. for another DomU's in virtual LAN)
DomU'sX (all inside LAN, behind DomU1 firewall)
DomU'sY (proxyarped in DMZ zone, looks like standalone machines from
So everything is bridged (NET,LAN,DMZ bridges)
Very flexsible, I can replace any component and my DomU's are not binded
to Dom0. I can move DomUs easily whithin my Dom0us.
Stephen Liu wrote:
--- Grant McWilliams <grantmasterflash@xxxxxxxxx> wrote:
Some people, when confronted with a problem, think "I know, I'll use
Now they have two problems.
On Tue, Dec 16, 2008 at 9:01 AM, Thomas Goirand <thomas@xxxxxxxxxx>
I'm wondering how to setup a firewall for Dom0 when all traffic
DomUs go 'through' it.
as we do commercial VPS hosting with xen and our own open source
management interface, we have designed a small anti-DoS firewall to
setup in your dom0. It does nothing spectacular, but it helps
ssh dictionary attacks, and other very common flood types that
hurt your server: ping, syn, etc.
I'd be happy to have contributions in this small script that is by
way very simple to extend (just add few functions for yourself and
share, then anybody can enable/disable them with ease.
Don't you mean this ;-)
A bit off topic but can dtc-xen control it's users in a way that you
assign an admin per VM? What I'm looking for is to have each student
his and only his domU.
Just came across this thread. The setup of the Xen box here is as
DomO - a workstation for remote setup/config DomU
DomU1 - mail server for routing (headless)
DomU2 - mail server for domain1 (headless)
DomU3 - mail server for domain2 (headless)
DomU4 - mail server for domain3 (headless)
Firewall is only running on domU1. I'm running virtual domains, with
all domains pointing at the same public IP (one public IP). All ports
on router are forwarded to the local IP of DomU1. Do I need to have
firewall installed on each DomU? TIA
Send instant messages to your online friends http://uk.messenger.yahoo.com
Xen-users mailing list
Xen-users mailing list