[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] firewall in domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Date: Thu, 25 Aug 2011 08:11:09 +0100
Delivery-date: Thu, 25 Aug 2011 00:12:33 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Tamás Pisch wrote:

I use Xen on two Debian server now. On one, I'mgoing to install a router/firewall in a domU(dedicated for this task). It seems, the bestwould be to hide the wan interface from dom0with pci passthrough. Unfortunately, the twoservers aren't identical. The older doesn't havevt-d support, ...


It works without vt-d (or iommu).

On my old amd-64 box I bott it with :

title Xen 3.2-1-amd64 / Debian2.6.26-bpo.2-xen-amd64 - Ext Eth & DVB tunerhidden

root            (hd0,0)
kernel          /xen-3.2-1-amd64.gz dom0_mem=512M

module /vmlinuz-2.6.26-bpo.2-xen-amd64root=/dev/sda3 ro console=tty0pciback.hide=(01:07.0)(01:06.0)

module          /initrd.img-2.6.26-bpo.2-xen-amd64

Then in my firewall DomU I have :
pci=['01:07.0']
in the config file.

That's all from Debian. Dom0 has Etch with xen3.2.1, and as you can see above, kernel2.6.26-xen from Backports. DomU is Squeezerunning 2.6.26-xen from the standardrepositories. DomU used to be an older version -I upgraded it recently for some IPv6 stuff I havebeen playing with.

I did try Squeeze & 2.6.32 on a new AMD-64 box(an HP Microserver) and the same setup worked,but I had some performance issues with MythTV asa guest and the tuner didn't seem to want to workwith more than 4G RAM in the machine and a Xenkernel (works fine with 8G and a non-Xen kernel).Since I could get another Microserver for £140after cashback, I decided to give MythTV it's ownbox and get a second for everything else.

In later versions, pciback.hide is nowxen-pciback.hide. In my DomU I needed iommu=softbut not swiotlb=force.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] firewall in domU
  - From: TamÃs Pisch

Prev by Date: Re: [Xen-users] guest to guest communication
Next by Date: [Xen-users] OT: Staging startups for dependent machines
Previous by thread: [Xen-users] firewall in domU
Next by thread: Re: [Xen-users] firewall in domU
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.