
Re: [Xen-users] LAN configuration?



Hi Marcus


On Wed, 2005-09-14 at 10:35 +1000, Marcus Brown wrote:

> For the LAN interface, hide the NIC from dom0 and export it to the
> Firewall driver domain. For an internal DMZ create a bridge in dom0
> (possibly tied to a dummy interface) without an IP assigned to it
> and export it to the firewall. Any domUs you want your LAN to access
> just need to have this bridge specified in their xen config, and the
> appropriate firewall rules for routing between the LAN and DMZ.

How is a bridge like that exported to the firewall?  I know how to
export a physical device, but not a bridge.  Is it done via a 'vif =
[....]' statement in the firewall domain's configuration script? 

> You could use the Firewall driver domain as a network backend for your
> domUs, but this results in a new vif being issued in the Firewall for
> each domU created, and can cause problems with firewalls like Shorewall.
> Hence my preference for an 'untethered' bridge.

Yeah, I tried doing that (specifying "backend=fw01" in the domU's
config), but since I have LAN and DMZ domUs on the host server, I could
not find a way to specify which vif created on the firewall was to be in
the DMZ and which was to be in the LAN :-(

-Alan

P.S.: Replies to the list as opposed to my personal address are
preferred, as this information may be quite useful for others. :-)



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

