Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario
Sanjay Arora wrote:

> The approach I've used at home is to hide a network card from Dom0 (see
> pciback.hide) and pass it through to a DomU which then sees it as a native
> interface. I then run a firewall in the DomU and the outside traffic does
> NOT go through Dom0. The route for packets is then:
> real i/f -> DomU (firewall) -> VIF -> int bridge [ Dom0 | VIF -> DomU ]

Can you advise how to set this up?

Use lspci to find the PCI address of the network card.

Edit your host boot menu (/boot/grub/menu.lst) to 'hide' the device from your Dom0 like this:

title Xen 3.2-1-amd64 / Debian 2.6.18-6-xen-amd64 - Ext Eth hidden
root (hd0,0)
kernel /xen-3.2-1-amd64.gz dom0_mem=512M
module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)
module /initrd.img-2.6.18-6-xen-amd64
savedefault

Note: "module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)" is all on one line.

In this case I've hidden two devices - one is a network card, the other is a TV tuner. Note that you MUST include leading zeros in the PCI address - i.e. 01:07.0 is valid, 1:7.0 will NOT work.

Then you make the device available to a DomU like this:

# Config file for Bubbles (Router)
kernel = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'
memory = '256'
root = '/dev/sda1 ro'
disk = [ 'phy:/dev/vgmain/bubblesroot,sda1,w', 'phy:/dev/vgmain/bubblesswap,sda2,w', 'phy:/dev/vgbackup/bubblesbackup,sda3,w' ]
name = 'bubbles'
pci=['01:07.0']
vif = [ 'bridge=eth0,ip=192.168.0.2,mac=00:16:3e:35:f4:02' ]
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'

Search for "pciback" in the Xen documentation for more info - there are other ways of doing it, but this is reasonably simple to set up.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
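Added example, not part of the original post: a Python consistency check that every device in the DomU's pci= list also appears in Dom0's pciback.hide= argument, and that each address is zero-padded as the post requires. The function names, the optional four-digit PCI domain prefix and the sample strings are assumptions constructed for illustration.

```python
import re

# Zero-padded bus:device.function; optional 4-digit PCI domain is an assumption.
BDF = re.compile(r"^(?:([0-9a-f]{4}):)?([0-9a-f]{2}):([0-9a-f]{2})\.([0-7])$", re.I)

def normalize(addr):
    """Return canonical 'dddd:bb:dd.f', or None if the address is not zero-padded."""
    m = BDF.match(addr.strip())
    if not m:
        return None
    dom, bus, dev, fn = m.groups()
    return f"{dom or '0000'}:{bus}:{dev}.{fn}".lower()

def hidden_devices(menu_lst):
    """Addresses listed in any pciback.hide=(...)(...) kernel argument."""
    found = []
    for arg in re.findall(r"pciback\.hide=((?:\([^)]*\))+)", menu_lst):
        found += re.findall(r"\(([^)]*)\)", arg)
    return found

def assigned_devices(domu_cfg):
    """Quoted addresses from the DomU config's pci = [ ... ] list."""
    m = re.search(r"^\s*pci\s*=\s*\[(.*?)\]", domu_cfg, re.M | re.S)
    return re.findall(r"['\"]([^'\"]+)['\"]", m.group(1)) if m else []

def check(menu_lst, domu_cfg):
    """Return a list of problems; an empty list means the two files agree."""
    problems, hidden = [], set()
    for addr in hidden_devices(menu_lst):
        norm = normalize(addr)
        if norm:
            hidden.add(norm)
        else:
            problems.append(f"malformed pciback.hide address: {addr}")
    for addr in assigned_devices(domu_cfg):
        norm = normalize(addr)
        if norm is None:
            problems.append(f"malformed pci= address: {addr}")
        elif norm not in hidden:
            problems.append(f"{addr} is passed to the DomU but not hidden from Dom0")
    return problems

# Constructed sample input modelled on the two files in the post.
MENU = "module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)"
GOOD = "name = 'bubbles'\npci=['01:07.0']\n"
BAD = "name = 'bubbles'\npci=['1:7.0', '01:08.0']\n"

if __name__ == "__main__":
    print(check(MENU, GOOD), check(MENU, BAD))
```

An empty result means the firewall DomU's card is withheld from Dom0 at boot; any reported line points at an address to correct before starting the guest.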