Re: [Xen-users] Best practice for firewall in domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Best practice for firewall in domU
From: Alan Murrell <alan@xxxxxxxxxx>
Date: Mon, 2 Oct 2006 20:11:04 -0700
Hi Darrin,

On Monday 02 October 2006 11:09, Darrin Wortlehock wrote:
> I am currently assuming I would want two bridges defined in the dom0,
> one for the public IPs and one for the private network.  If this is
> the case, how should I go about creating the bridges in a dom0 that
> has no ethernet adapter? The private network's bridge would want to
> be accessible from dom0, the DMZ bridge definitely not.

Create the necessary additional interfaces/bridges in Dom0 using the dummy 
interface, then export them to the firewall DomU.  The firewall DomU will see 
them as network interfaces.

When you create the other DomUs, attach them to the appropriate bridges.

You can put all your DomUs on private IPs and use port forwarding on the 
firewall DomU.  The firewall DomU can then have both of your real IPs on the 
eth0 interface.

I hope this helps?  I am running a similar setup, and can provide some further 
assistance if you need it, though a lot of the information is on the lists as 
well.  My assistance would be Debian-specific, however, as that is what I am 
running on my Dom0.

-Alan
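
The layout described in the reply above, as an added example that is not part of the original message or Alan's own configuration. It uses iproute2 and iptables; the bridge names, dummy interface names and all addresses are constructed, and it assumes eth0 is the public-facing interface inside the firewall DomU.

```shell
#!/bin/sh
# Added example (not from the original thread). Bridge names, dummy names and
# all addresses are constructed; 203.0.113.0/24 is a documentation range.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it (needs root).
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# dom0: bridge anchored on a dummy interface. Pass an address only for a
# bridge that dom0 itself should reach; without one dom0 has no IP on it.
dom0_bridge() {  # usage: dom0_bridge BRIDGE DUMMY [DOM0_ADDR/PREFIX]
    run ip link add "$2" type dummy
    run ip link add name "$1" type bridge
    run ip link set "$2" master "$1"
    run ip link set "$2" up
    run ip link set "$1" up
    if [ -n "${3:-}" ]; then run ip addr add "$3" dev "$1"; fi
}

# Xen guest config line attaching a DomU to the named bridges, in order.
domu_vif() {
    out="vif = ["; sep=" "
    for b in "$@"; do out="$out$sep'bridge=$b'"; sep=", "; done
    echo "$out ]"
}

# Firewall DomU: forward one TCP port on a public IP to a private host.
# Assumes eth0 is the public interface there, as in the reply above.
fw_forward() {  # usage: fw_forward PUBLIC_IP PORT PRIVATE_IP
    run iptables -t nat -A PREROUTING -i eth0 -d "$1" -p tcp --dport "$2" \
        -j DNAT --to-destination "$3:$2"
    run iptables -A FORWARD -i eth0 -d "$3" -p tcp --dport "$2" -j ACCEPT
}

plan() {
    echo "# dom0"
    dom0_bridge br-dmz dummy0               # DMZ: no dom0 address
    dom0_bridge br-lan dummy1 10.0.0.1/24   # private: reachable from dom0
    echo "# firewall DomU config"
    domu_vif br-dmz br-lan
    echo "# inside the firewall DomU"
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    fw_forward 203.0.113.10 80 10.0.1.10
}
plan
```

Run as-is to print the plan; the DMZ bridge gets no address in dom0, so dom0 has no IP presence on that segment, while the private bridge does.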
