WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] pfSense HVM

from [Jonathan Tripathy] [Permanent Link][Original]
To: Nicolas Vilz 'niv' <niv@xxxxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] pfSense HVM
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Sat, 29 May 2010 11:45:29 +0100
Cc:
Delivery-date: Sat, 29 May 2010 03:46:46 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C006BF0.4040208@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4BFE986C.5000704@xxxxxxxxxxx> <4C001295.4040909@xxxxxxxxxx> <4C0055BC.1050202@xxxxxxxxxxx> <4C006BF0.4040208@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
if you passthrough your NIC, then you are right. no access from dom0 to physical NIC.
if you just setup a bridge on the WAN NIC and put the pfsense domU with one foot on that NIC, you have the possibility to setup another domU to be accessible outside, and you can setup emergency access to dom0 on that bridge, too. if you don't need dom0 for an external access, you can leave the bridge interface without an ip address, like i wrote above. I don't know, if someone can gain access to your dom0, when this dom0 has an unconfigured bridge listening on your WAN port.
you have to decide, how secure your setup shall be and what will you have to do, if your pfsense crashes.
if your co-lo doesn't allow you to have several MAC addresses on that port, you won't be able to use that kind of setup either.
in that case the only possible solution for you will be passthrough one of your two NICs to pfsense and hardwire the other one to your dom0 for emergency access.
PCI Passthrough is possible for your hardware, right? If not, you are still able to use the bridged setup as long as just one MAC shows up on that port. 


Hi Nicolas,
Yep, PCI Passthrough is possible on the server which I've ordered. It's a Dell R210 with a Xeon 3430 (2.4Ghz x 4, 8Mb cache) with 4GB of RAM. In Dell's marketing document, it specifically mentioned that it's Vt-d compatible.
If I were to use PCI Passthrough, then the 100Mbit wouldn't be an issue, correct?
And as for the "DMZ" side of of pfsense, if I follow Mike's instructions to enable the e1000 emulated adapter (which would be connect to a bridge), then that should also be ok for 100Mbit, correct? 

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] pfSense HVM, Nicolas Vilz 'niv'
Next by Date:  [Xen-users] [HVM] No bootable device., Stefan Kuhne
Previous by Thread:  Re: [Xen-users] pfSense HVM, Nicolas Vilz 'niv'
Next by Thread:  Re: [Xen-users] pfSense HVM, Jonathan Tripathy
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy