I have a physical server with four interfaces. Dom0 will be
running Shorewall to take care of the firewall/routing functions of our
network. A domU will be running Asterisk for VoIP, and a second domU will
serve up a basic website. I also intend to eventually bring up another domU
running SER (a SIP proxy) to assist external VoIP clients who are behind a NAT
gateway. I am planning on using the four physical interfaces as follows:

eth0: Connected to our LAN.

eth1: DMZ. This will primarily contain a Cisco PIX to
provide legacy access to our VPN, which is in the process of being replaced
with OpenVPN. I would also like to bring up the public web server here. I will
likely set up a static NAT config in Shorewall for this zone.

eth2: Internal VoIP network. In the office we have a physically
separate LAN (separate cabling, switch, etc.) which will interconnect the VoIP
phones and the (virtualized) Asterisk server.

eth3: Our T1 connection to the Internet. Our telecom
provider is also providing our voice trunking via SIP handoff, so both voice
and data will be coming in on this interface.

Once I get my head wrapped around all of this and get a
stable config working, I’d also like to swap out the dual-port NIC with a
quad-port. I’d then add in two additional zones for a backup DSL
connection and wifi access.

I’m very comfortable with Asterisk and moderately experienced
with Shorewall, but still rather new to Xen and am having difficulty
visualizing the proper network config to use. Bridged? Routed? With a handful
of servers and switches I’m sure I’d manage much better, but that’s
not very efficient. :-) Anyone have any suggestions? Thanks!