Re: [Xen-users] Question about using Xen in a periphery firewall/router
Sanjay Arora wrote:
> The approach I've used at home is to hide a network card from Dom0 (see
> pciback.hide) and pass it through to a DomU which then sees it as a native
> interface. I then run a firewall in the DomU and the outside traffic does
> NOT go through Dom0. The route for packets is then :
> real i/f -> DomU (firewall) -> VIF -> int bridge [ Dom0 | VIF -> DomU ]
Can you advise how to set this up?
Use lspci to find the PCI address of the network card.
Edit your host boot menu (/boot/grub/menu.lst) to 'hide' the device
from your Dom0 like this :
title Xen 3.2-1-amd64 / Debian 2.6.18-6-xen-amd64 - Ext Eth hidden
kernel /xen-3.2-1-amd64.gz dom0_mem=512M
module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)
Note : "module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro
console=tty0 pciback.hide=(01:07.0)(01:06.0)" is all on one line. In
this case I've hidden two devices - one is a network card, the other
is a TV tuner. Note that you MUST include leading zeros in the PCI
address - ie 01:07.0 is valid, 1:7.0 will NOT work.
Then you make the device available to a DomU like this :
# Config file for Bubbles (Router)
kernel = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory = '256'
root = '/dev/sda1 ro'
disk = [ 'phy:/dev/vgmain/bubblesroot,sda1,w', ]
name = 'bubbles'
vif = [ 'bridge=eth0,ip=192.168.0.2,mac=00:16:3e:35:f4:02' ]
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'
Search for "pciback" in the Xen documentation for more info - there
are other ways of doing it, but this is reasonably simple to set up.
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
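
Added example (not part of the original message or of Xen): a Dom0 check that every address in pciback.hide= is zero-padded as the message requires and is actually held by pciback, since a card that stays bound to a Dom0 driver still exposes Dom0 to outside traffic. The function names are hypothetical, and the sysfs driver directory /sys/bus/pci/drivers/pciback and PCI domain 0000 are assumptions about the host.

```shell
#!/bin/sh
# Added example: verify pciback.hide= entries on a Dom0 kernel command line.

# Print the raw "(bb:dd.f)(bb:dd.f)" list from a command-line string.
hide_list() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^pciback\.hide=//p'
}

# Succeed only for a zero-padded bus:device.function address (01:07.0, not 1:7.0).
valid_bdf() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]$'
}

# Print one status line per hidden device; return non-zero if any check fails.
#   $1 = kernel command line, $2 = pciback sysfs directory (assumed default below)
check_hidden() {
    cmdline=$1
    drvdir=${2:-/sys/bus/pci/drivers/pciback}
    list=$(hide_list "$cmdline")
    if [ -z "$list" ]; then
        echo "NO-PCIBACK-HIDE"
        return 1
    fi
    status=0
    for bdf in $(printf '%s\n' "$list" | tr -d '(' | tr ')' ' '); do
        if ! valid_bdf "$bdf"; then
            echo "MALFORMED $bdf"      # would be silently ignored at boot
            status=1
        elif [ -e "$drvdir/0000:$bdf" ]; then
            echo "OK $bdf"             # owned by pciback, invisible to Dom0 drivers
        else
            echo "NOT-BOUND $bdf"      # still claimed by (or visible to) Dom0
            status=1
        fi
    done
    return $status
}
```

In Dom0, run it as `check_hidden "$(cat /proc/cmdline)"`. An address reported OK is the one a DomU config names in its `pci = [ '...' ]` entry.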