WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] advanced bridging...

To: Marc Patino Gómez <mpatino@xxxxxxxxxxxx>
Subject: Re: [Xen-users] advanced bridging...
From: Geert Janssens <info@xxxxxxxxxxxx>
Date: Sat, 12 May 2007 18:22:53 +0200
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 12 May 2007 09:21:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <463ED92F.6060608@xxxxxxxxxxxx>
Organization: Kobalt W.I.T.
References: <4639EC7F.30103@xxxxxxxxx> <200705051619.57890.info@xxxxxxxxxxxx> <463ED92F.6060608@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.4
Hi Marc,

I don't want to rush you, but have you found some time already to look at the 
config that would match my scheme?

Thank you.

Geert

On Monday 7 May 2007 09:45, Marc Patino Gómez wrote:
> Hi Geert,
>
> your scheme is so cool, I think it is one of the best ways to secure
> Xen, I use a similar config for one of my Xen servers.
> You can do it manually, as Bock said. Normally, I use a wrapper of
> network-bridge. One question:
>
> Are there xend-config.sxp and network-bridge scripts in CentOS? In this
> case I can post the config
>
> Regards,
>
> Marc
>
> Geert Janssens wrote:
> > Hi Marc,
> >
> > I have seen two network diagrams of yours passing in the thread already and
> > they both helped me understand the Xen networking a lot better.
> >
> > The first diagram explained how to set up a Xen system with 1 physical
> > NIC, where one domU acts as a firewall for the other domU's. In this
> > scenario, dom0 is connected to the bridge that links to the unsafe net
> > (the "outside" network for the domU firewall).
> >
> > The second diagram explained how to set up a Xen system with 2 physical
> > NICs, dom0 acts as a firewall between the two NICs. It is set up with two
> > bridges, one that connects the internet side of the virtual network
> > (first physical NIC and first virtual NIC) and one that connects the LAN
> > side of the virtual network (second physical NIC for the rest of the LAN,
> > second virtual NIC for dom0 and virtual NICs for the different domU's).
> >
> > Unfortunately, what I am trying to achieve is yet another slight
> > variation. See the attached image.
> >
> > I would like to set up a system with two physical NICs (peth0 and peth1),
> > where the firewall runs in domU.
> >
> > For that I would like to set up two Xen bridges.
> > The first is on the LAN side, and is a typical Xen bridge: one physical
> > NIC, a virtual NIC for dom0 and one for domU.
> >
> > The second would be on the internet side, but it should NOT have a
> > virtual NIC for dom0, only for domU. The idea is that dom0 should not be
> > accessible from the internet, only from the LAN.
> >
> > Is such a setup possible? And if yes, how?
> >
> > Thank you.
> >
> > Geert Janssens
> >
> > P.S. In an earlier attempt I tried to eliminate the second bridge
> > altogether by assigning peth1 directly to the domU with PCI back.
> > Unfortunately, I can't seem to get PCI back working correctly on my
> > system, so I'd like to try this alternative approach.
> >
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users

-- 
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen

Tel  : +32 479 339 655
Email: info@xxxxxxxxxxxx
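
The isolation goal described in the quoted question (an internet-side bridge with peth1 and a domU interface, but nothing of dom0's) can be checked from dom0 once the bridges exist. The following is an added example, not code from the thread or from Xen: it audits `brctl show` and `ip -o -4 addr show` output, assuming bridge names xenbr0/xenbr1 and the usual `vif<domid>.<dev>` naming, with constructed sample output embedded.

```python
import re

# Constructed sample of `brctl show` output on dom0 (not taken from the thread).
# Bridge names xenbr0/xenbr1 are assumptions; peth0/peth1 come from the post.
SAMPLE_BRCTL = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
xenbr0\t\t8000.feffffffffff\tno\t\tpeth0
\t\t\t\t\t\t\tvif0.0
\t\t\t\t\t\t\tvif1.0
xenbr1\t\t8000.feffffffffff\tno\t\tpeth1
\t\t\t\t\t\t\tvif1.1
"""

# Constructed sample of `ip -o -4 addr show` output on dom0.
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
4: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
"""

def parse_bridges(brctl_output):
    """Map each bridge name to the list of interfaces attached to it."""
    bridges, current = {}, None
    for line in brctl_output.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace():                         # continuation row: interface only
            if current:
                bridges[current].append(fields[0])
        else:                                         # name, id, STP flag, [interface]
            current = fields[0]
            bridges[current] = fields[3:4]
    return bridges

def addressed_interfaces(ip_output):
    """Return the names of interfaces that carry an IPv4 address."""
    return {m.group(1) for m in re.finditer(r"^\d+:\s+(\S+)\s+inet\s", ip_output, re.M)}

def audit_external_bridge(brctl_output, ip_output, bridge):
    """List findings that would make dom0 reachable through `bridge`."""
    members = parse_bridges(brctl_output).get(bridge)
    if members is None:
        return [f"{bridge}: bridge not found"]
    # vif0.N is the backend of a dom0 virtual NIC (domain id 0).
    findings = [f"{bridge}: dom0 backend {i} attached" for i in members if i.startswith("vif0.")]
    with_ip = addressed_interfaces(ip_output)
    findings += [f"{i}: has an IPv4 address in dom0" for i in [bridge] + members if i in with_ip]
    return findings
```

An empty list for the internet-side bridge means dom0 has neither a virtual NIC on it nor an address on the bridge or its members; the LAN-side bridge is expected to report its `vif0.0`.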