 Home |
Products |
Support |
Community |
News |
xen-users
Re: [Xen-users] Ideal(istic) Xen firewall design
| To: | Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-users] Ideal(istic) Xen firewall design |
| From: | Nicholas Lee <emptysands@xxxxxxxxx> |
| Date: | Sat, 13 Aug 2005 15:11:29 +1200 |
| Cc: | bgb@xxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx |
| Delivery-date: | Sat, 13 Aug 2005 03:09:52 +0000 |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=teYfR2/JC1pwpOYrFUJ41H7qQtA7HSF9epZUlnkLax2cKh0iWhhmFXiL0/6XyiDKD+lLXMDxMtYARSzEMhOZHG9b83mJKotkaumCBbWX5Y5JiSSD7b9H3R05/GgWAMPZJzb1PlmTE9KB2ZB4k4oMgPMWia8yGgTAHBOtabJO9hU= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <42FC1FBC.2070409@xxxxxxxxxxxxxxxx> |
| List-help: | <mailto:xen-users-request@lists.xensource.com?subject=help> |
| List-id: | Xen user discussion <xen-users.lists.xensource.com> |
| List-post: | <mailto:xen-users@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe> |
| References: | <42FAC8B2.8070601@xxxxxxxxxxxxxxxx> <42FB20AB.2000906@xxxxxxxxxxxxxxxxxxxxxxx> <42FC02B7.5010605@xxxxxxxxxxxxxxxx> <1123815231.4815.57.camel@xxxxxxxxxxxxxxxxxxxxxxx> <42FC1FBC.2070409@xxxxxxxxxxxxxxxx> |
| Sender: | xen-users-bounces@xxxxxxxxxxxxxxxxxxx |
On 8/12/05, Marcus Brown <marcusbrutus@xxxxxxxxxxxxxxxx> wrote:
>
> I understand from various postings that I need to manually create the
> extra bridges before bringing up the Firewall domain.
> I guess I could do that in a number of ways,
> but is there a 'Xen approved' method?
I'm not doing the firewall with Xen thing yet, but this is what I've
done for both Xen and UML for my 'virutal internal' networks:
/etc/network/interfaces
auto internal-br
iface internal-br inet static
address 10.1.0.254
netmask 255.255.0.0
network 10.1.0.0
broadcast 10.1.255.255
bridge_ports eth1
bridge_fd 0
bridge_hello 1
bridge_stp off
up route add -net 192.168.1.0/24 gw 10.1.0.1
down route del -net 192.168.1.0/24 gw 10.1.0.1
Note, in your setup you might use dummy0/1 instead of eth1 in the
above. I leave the default xen-br to xen itself to configure.
I used dummy interfaces succesfully with UML, I'm not sure how well
they would work with Xen. Single processor Xen seems to have
performance issues with networking between virtual domUs on the same
host.
--
Nicholas Lee
http://stateless.geek.nz
gpg 8072 4F86 EDCD 4FC1 18EF 5BDD 07B0 9597 6D58 D70C
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-users] Options for >4GB setups, Gino LV. Ledesma |
|---|---|
| Next by Date: | [Xen-users] Jumbo frames in 2.0.6 dom0, Teemu Koponen |
| Previous by Thread: | Re: [Xen-users] Ideal(istic) Xen firewall design, Mark Williamson |
| Next by Thread: | Re: [Xen-users] Ideal(istic) Xen firewall design, Dirk H. Schulz |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
