WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Remote management of DomU

from [Alan Murrell] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Remote management of DomU
From: Alan Murrell <lists@xxxxxxxxxx>
Date: Wed, 21 Dec 2005 07:19:13 -0800
Delivery-date: Wed, 21 Dec 2005 16:27:38 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1134753568.2587.38.camel@localhost>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <E1En9iI-0006yY-N9@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <200512152333.44662.lists@xxxxxxxxxx> <1134753568.2587.38.camel@localhost>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8.2 
Hi John,

On Friday 16 December 2005 09:19, John A. Sullivan III wrote:
> A quick thought is to do it via VPN.  Expose the Dom0 to the internal
> network but use iptables to restrict virtually all traffic to the Dom0
> and then allow only ssh coming off of an IPSec tunnel to be allowed to
> go from the firewall to the Dom0 - John

If Dom0 doesn't have a physical interface, how would I expose it to the 
internal network?  Or are you suggesting I should add a 4th NIC?

I was thinking I might be able to use a dummy interface on Dom0, but couldn't 
figure out how to put it on the internal network, unless it's possible to add 
it to the br-lan0 bridge with an IP already on it...?

Alternatively, is it possible to add a dummy interface on both the firewall 
domain and Dom0, and somehow tie them together via VPN?

-Alan


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] Re: Xen-2.0.7: 2.6.14 DomU and Dom0, Denny Schierz
Next by Date:  [Xen-users] Problem upgrading from Xen 2.0 to Xen 3.0, Nate Carlson
Previous by Thread:  Re: [Xen-users] Remote management of DomU, John A. Sullivan III
Next by Thread:  Re: [Xen-users] Remote management of DomU, Goetz Bock
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy