This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-users] Re: Network isolation - PCI passthrough question

let's see if I understand, something like:

domU (eth0) -> (PCI passthru) -> nic0

This domU will be like an appliance firewall; eth0, which is directly
configured to pci-dev nic0, is effectively the WAN interface of the domU.

Other domU VMs are on the LAN side of the firewall, so you need a "virtual LAN".

Bridging to the lo interface can be problematic. Instead, from dom0, configure
several 'tap' interfaces (see tunctl), and those can act as the LAN interface of
the firewall domU and the interfaces of all other domU VMs. They can all be
bridged together:

tunctl -t tap0
tunctl -t tap1
# then
brctl addbr tap-br0
brctl addif tap-br0 tap0
brctl addif tap-br0 tap1
then assign tap0 to firewall domU, tap1 to first domU vm ...

is this what you're trying to accomplish?

Xen-users mailing list
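
A check that could be run in dom0 after building the bridge described in the message above, as an added example that is not part of the original post: it parses `brctl show` output and confirms that tap-br0 holds only tap devices, so no physical NIC has been attached to the isolated LAN. The sample output, the xenbr0/peth0/vif1.0 names and the function names are constructed for illustration, and the tap-only rule is an assumption drawn from the layout in the message.

```sh
#!/bin/sh
# Added example: audit a bridge's membership from `brctl show` output.
# Assumption: the isolated LAN bridge should hold only tapN devices.

# Constructed sample of `brctl show` output (not captured from a real host).
sample_brctl_show() {
    printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
    printf 'tap-br0\t\t8000.000000000000\tno\t\ttap0\n'
    printf '\t\t\t\t\t\t\ttap1\n'
    printf 'xenbr0\t\t8000.001122334455\tno\t\tpeth0\n'
    printf '\t\t\t\t\t\t\tvif1.0\n'
}

# bridge_members BRIDGE: read `brctl show` text on stdin and print the
# interfaces attached to BRIDGE, one per line.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                      # header row
        { c = substr($0, 1, 1) }
        c != " " && c != "\t" {               # a new bridge starts here
            cur = $1
            if (cur == br && NF >= 4) print $4
            next
        }
        NF == 1 && cur == br { print $1 }     # continuation row: one port
    '
}

# check_isolated BRIDGE: read `brctl show` text on stdin.
# Returns 0 if every member is a tap device, 1 if any other interface is
# attached (for example a physical NIC), 2 if the bridge is missing or empty.
check_isolated() {
    members=$(bridge_members "$1")
    if [ -z "$members" ]; then
        echo "$1: no such bridge, or no members" >&2
        return 2
    fi
    bad=$(printf '%s\n' "$members" | grep -Ev '^tap[0-9]+$' || true)
    if [ -n "$bad" ]; then
        echo "$1: unexpected member(s):" $bad >&2
        return 1
    fi
    echo "$1: members are tap devices only:" $members
}

# On a real dom0: brctl show | check_isolated tap-br0
sample_brctl_show | check_isolated tap-br0
```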