This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] Xen 3.4.2 networking help

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Xen 3.4.2 networking help
From: Alexander Zherdev <azherdev@xxxxxxxxx>
Date: Tue, 26 Oct 2010 09:44:34 -0700 (PDT)
(If this is a double post, I apologize, my email client crashed when I first sent it)

I need some help to configure a secure network on my Xen server. I have been looking online and it seems I need a routed network. But I am having a terrible time implementing it.

My setup:

Xen 3.4.2
CentOS 5.5 Dom0
1 NIC (eth0)
All guests will be HVM

What I want to do is something similar to a firewall and port forwarding.


DomU.1 has DHCP address of (DHCP matches MAC to assign same address and simplifies in creating templates)
DomU.2 has DHCP address of (DHCP matches MAC to assign same address and simplifies in creating templates)

Dom0 eth0 has public IP of that forwards port 22 + 80 + 443 to
Dom0 eth0 has public IP of that forwards port 21 + 22 + 80 + 443 to

Ideally, the main network card will have a bunch of public IPs that will individually route to internal DomU systems that have private IP addresses.

I also need to prevent a DomU from: a) stealing other IPs and b) communicating with other private systems unless Dom0 says ok.
Right now, I do not need to have DomU on different physical servers sharing same network - what open vswitch provides as I understand it - that's phase 2. But of course if it provides what I need above easily, then I'm for it.

What do I need? I know how to accomplish most of it using real hardware with firewalls, vlans, etc.

I am fairly new to Xen so please, if possible, provide examples.
Alexander Zherdev
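
The requirements in the message above (per-guest port forwarding, no address stealing, no guest-to-guest traffic unless Dom0 allows it) can be written as Dom0 iptables rules. This is an added example, not part of the original post or of any reply; it assumes a routed setup where each guest reaches Dom0 on its own interface, and the interface names (vif1.0, vif2.0) and all IP addresses are constructed placeholders, since the addresses are missing from the archived post.

```shell
#!/bin/sh
# Added example: PRINTS iptables rules for review, it does not apply them.
# Assumptions (not from the original post): one Dom0 interface per guest,
# named vif1.0 / vif2.0; 10.0.0.x and 203.0.113.x are placeholder addresses.
WAN=eth0

# guest_rules VIF PRIVATE_IP PUBLIC_IP TCP_PORTS
guest_rules() {
    vif=$1; priv=$2; pub=$3; ports=$4
    # Inbound: forward only the listed TCP ports on the public IP to the guest.
    echo "iptables -t nat -A PREROUTING -i $WAN -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
    echo "iptables -A FORWARD -i $WAN -o $vif -d $priv -p tcp -m multiport --dports $ports -j ACCEPT"
    # Outbound: accept only the guest's assigned source address, and only
    # toward the WAN interface (never toward another guest's interface).
    echo "iptables -A FORWARD -i $vif -o $WAN -s $priv -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN -s $priv -j SNAT --to-source $pub"
    # Everything else entering from this guest is dropped: packets with a
    # source address it was not assigned, and packets aimed at other guests.
    echo "iptables -A FORWARD -i $vif -j DROP"
}

all_rules() {
    # Default deny for forwarded traffic; exceptions are listed explicitly.
    echo "iptables -P FORWARD DROP"
    # Return traffic is accepted only when it arrives from the WAN side, so a
    # guest cannot ride on another guest's tracked connection.
    echo "iptables -A FORWARD -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Port lists follow the two forwarding lines in the post.
    guest_rules vif1.0 10.0.0.11 203.0.113.11 22,80,443
    guest_rules vif2.0 10.0.0.12 203.0.113.12 21,22,80,443
}

all_rules
```

These rules cover forwarded traffic only; traffic from a guest to Dom0 itself passes through the INPUT chain and needs its own rules.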