[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: Network isolation - PCI passthrough question



As far as I have seen, there are no way to attach domU nic directly to
my firewall domU. So, dom0 will always have access to network traffic
from domU, right ?


only if you add dom0 interface to bridge.  for example:

domu-2  :  tap2  --|
domu-1  :  tap1  --|
domu-fw :  tapfw --|
                   |
              tap-br0
                   |
dom0    :  tap0  --|


so only do

brctl addif tap-br0 tap0

when dom0 needs to join the LAN, then

brctl delif tap-br0 tap0

when you want dom0 to leave the LAN.
Again, I'm not sure if this is what you're trying to do, but it will isolate dom0 from your virtual LAN. 



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.