Mike Hoesing wrote:
> Anyone want to share a step-by-step howto for approach 4 below?
> * Dedicate a physical device to a "firewall domain" and have it filter on that
>   interface for all the other domains.

I've got this working, though not to my liking yet. To duplicate my setup:
Build or otherwise obtain a Xen0 kernel with the modules for your
NIC(s). Use 'lspci' to find the PCI addresses for the devices you want
to use in the DomU. Update the Xen entry for Xen0 in your GRUB config;
mine looks like:

    kernel /boot/xen-2.0.6.gz dom0_mem=131072 physdev_dom0_hide='(01:04.0)(00:04.0)(01:0a.0)'

Create a Xen guest definition file. **Use the _Xen0_ kernel as the
kernel for the guest**. Add the PCI devices you hid from the host kernel
to the file. My definition looks like:

    pci = [ '01,04,0', '00,04,0', '01,0a,0' ]

Copy the /lib/modules data from your Xen0 kernel into the filesystem of
the guest. Reboot to put the GRUB changes into effect, then start your
guest. Install and configure your firewalling software, and go. I use my
guest kernel as my DHCP server/gateway/firewall/router for the rest of
my home network, including the host kernel; I just treat the eth0 within
the guest as an interface to be NATed.

My issues so far are 1) extreme instability, which, for now, I'm
assuming is caused by the heat in my apartment and 2) the wireless NIC
I stuck in the guest is up and running according to iwconfig and
ifconfig, but I can't see the signal from a client. There are known
issues using a WiFi card behind a bridge, but since it's on the other
side in my setup, I'm pretty puzzled. More as I figure stuff out...

-sten
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
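
Added example, not part of the original post or of Xen itself: a Python check that the devices hidden from dom0 in the GRUB line match the devices listed in the guest's pci entry, since the two files write the same address in different notations. The function names are this example's own, and the two sample lines are copied from the post above.

```python
import re

# Constructed sample input: the two config lines quoted in the post.
GRUB_LINE = ("kernel /boot/xen-2.0.6.gz dom0_mem=131072 "
             "physdev_dom0_hide='(01:04.0)(00:04.0)(01:0a.0)'")
GUEST_LINE = "pci = [ '01,04,0', '00,04,0', '01,0a,0' ]"

def _triple(text, pattern):
    """Parse one bus/device/function string into a tuple of ints (hex)."""
    m = re.fullmatch(pattern, text.strip())
    if not m:
        raise ValueError(f"malformed PCI address: {text!r}")
    return tuple(int(part, 16) for part in m.groups())

def hidden_devices(grub_line):
    """Devices hidden from dom0, written as (bus:dev.func) groups."""
    m = re.search(r"physdev_dom0_hide='?((?:\([^)]*\))+)", grub_line)
    entries = re.findall(r"\(([^)]*)\)", m.group(1)) if m else []
    pat = r"([0-9a-f]{1,2}):([0-9a-f]{1,2})\.([0-7])"
    return {_triple(e.lower(), pat) for e in entries}

def guest_devices(guest_line):
    """Devices assigned to the guest, written as 'bus,dev,func' strings."""
    m = re.search(r"pci\s*=\s*\[(.*?)\]", guest_line)
    entries = re.findall(r"'([^']*)'", m.group(1)) if m else []
    pat = r"([0-9a-f]{1,2}),([0-9a-f]{1,2}),([0-7])"
    return {_triple(e.lower(), pat) for e in entries}

def fmt(dev):
    """Render a (bus, dev, func) tuple in lspci notation."""
    return "%02x:%02x.%x" % dev

def audit(grub_line, guest_line):
    """Report mismatches between the hide list and the guest's pci list."""
    hidden, assigned = hidden_devices(grub_line), guest_devices(guest_line)
    return {
        # Given to the guest but still visible to the dom0 kernel.
        "assigned_not_hidden": sorted(fmt(d) for d in assigned - hidden),
        # Hidden from dom0 but not handed to this guest.
        "hidden_not_assigned": sorted(fmt(d) for d in hidden - assigned),
    }

if __name__ == "__main__":
    print(audit(GRUB_LINE, GUEST_LINE))
```

An empty list in both fields means the two files agree; anything under assigned_not_hidden is a device the guest is given while the host kernel can still see it.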