Re: [Xen-users] Network Interface Problems for DomU Firewall
On Sat, Aug 1, 2009 at 1:54 AM, Tom Jensen<tom.jensen@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> As I mentioned before, my ultimate goal is to configure a standard three
> interface firewall within the DomU. Most of the information I have found
> on the subject suggests the most secure way to accomplish this is to
> dedicate the interface connected to the Internet to the DomU using PCI
> passthrough.

It depends on how you define "secure" :)

> The other two interfaces (DMZ & LAN) would be virtual
> interfaces bridged to the Dom0. I am open to other concepts for creating
> a firewall DomU if anyone cares to share their configurations.

In my setup, in terms of networking I look at dom0 as an L2 switch. It has one or more uplink trunk interfaces (the physical interface), several access or trunk downlink interfaces (the bridges and domU interfaces), and (optionally) one dedicated management link with a management IP.

So for the internet link I simply create another bridge on dom0, but without an IP address. This is similar to the way an L2 switch can have a vlan containing internet traffic, but the switch itself does not have a public IP address.

I find this setup easier to manage (since it's similar to a real physical setup), plus I'm not limited to the number of physical interfaces on dom0.

--
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
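
A check for the bridge-without-an-IP layout described in the reply above, as an added example that is not part of the original post: it reads `ip -o addr show` output and lists any address on bridges meant to be pure L2, including the IPv6 link-local address that Linux normally assigns when an interface comes up. The bridge names (`xenbr-inet`, `xenbr-dmz`), the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): verify that dom0 bridges
# intended to act as a plain L2 switch carry no IPv4 or IPv6 address.

# Constructed sample of `ip -o addr show` output on a dom0.
# eth1 is the dedicated management link; xenbr-inet is the internet bridge;
# xenbr-dmz has no address at all, so it does not appear in the listing.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: eth1    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth1\       valid_lft forever preferred_lft forever
5: xenbr-inet    inet6 fe80::200:ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'

# Read `ip -o addr show` output on stdin; arguments are bridge names.
# Prints "<bridge> <family> <address>" for every address found on them.
addressed_bridges() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, names, " ")
            for (i = 1; i <= n; i++) check[names[i]] = 1
        }
        # Field 2 is the interface name, field 3 the family, field 4 the address.
        ($2 in check) && ($3 == "inet" || $3 == "inet6") { print $2, $3, $4 }
    '
}

# Returns 0 only if none of the named bridges has an address.
# Offending entries are written to stderr.
bridges_are_l2_only() {
    found=$(addressed_bridges "$@")
    if [ -n "$found" ]; then
        printf '%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# On a live dom0 (bridge name is an assumption):
#   ip -o addr show | bridges_are_l2_only xenbr-inet
```

In the sample, `xenbr-inet` has no IPv4 address but is still flagged because of its link-local IPv6 address, which leaves dom0 reachable at L3 from that segment.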