Re: [Xen-users] Port based securiy noob

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Port based securiy noob
From: Ernst Bachmann <e.bachmann@xxxxxxxx>
Date: Fri, 21 Oct 2005 10:57:02 +0200
On Friday 21 October 2005 07:29, Richard Sperry wrote:
> I am looking to build an appliance that runs several instances of Linux,
> each running the same Java server app. This way I can grant access to the
> box (hosted solution) to the customer. I do want to lock each instance to
> one port on the physical NIC.  Is this possible?

Of course. Either pass the PCI device for each NIC to the right domU, but that
might not work if it's multiple NICs on a single PCI device, or create a
separate bridge for each physical NIC in dom0, and attach only one domU to
each bridge. Run the bridges and NICs without IP address in dom0. Now even
all domU<->domU traffic will run over the external interfaces.
If you need faster domU<->domU networking, simply create another
"inter-domain" bridge, and connect a secondary virtual NIC in the domUs to
that (if you'd give that bridge an IP inside dom0, you can now even ssh into
your domUs over the internal net, and have sshd in them only bind to that,
think "management net").

/Ernst

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
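
A way to check that a dom0 really follows the layout described in the reply above (one physical NIC and one domU per bridge, plus an optional internal bridge). This is an added example, not part of the original message; the bridge names `xenbr0`, `xenbr1`, `xenmgmt` and the sample table are constructed, and the script assumes every port not named `vif*` is a physical NIC.

```shell
#!/bin/sh
# Added example: audit a dom0 bridge layout against the rule
# "one physical NIC and at most one domU vif per external bridge".

# Constructed sample in `brctl show` format (not from a real host).
# xenbr1 breaks the rule; xenmgmt is the internal inter-domain bridge.
sample_brctl_show() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.0011223344aa       no              eth0
                                                        vif1.0
xenbr1          8000.0011223344bb       no              eth1
                                                        vif2.0
                                                        vif3.0
xenmgmt         8000.feffffffffff       no              vif1.1
                                                        vif2.1
                                                        vif3.1
EOF
}

# audit_bridges SHARED: read `brctl show` text on stdin, print one line per
# finding. SHARED names the internal bridge, which may carry several vifs but
# no physical NIC. Assumption: any port not named vif* is a physical NIC.
audit_bridges() {
    awk -v shared="$1" '
        NR == 1 || NF == 0 { next }                 # header and blank lines
        NF >= 3 { br = $1; order[++n] = br }        # line that starts a bridge
        NF == 3 { next }                            # bridge with no ports
        { port = $NF }                              # first or continuation port
        port ~ /^vif/ { vifs[br]++; next }
        { nics[br]++ }
        END {
            for (i = 1; i <= n; i++) {
                b = order[i]
                if (b == shared) {
                    if (nics[b] > 0)
                        print "VIOLATION " b ": internal bridge has a physical NIC"
                    continue
                }
                if (nics[b] != 1)
                    print "VIOLATION " b ": expected 1 physical NIC, found " (nics[b] + 0)
                if (vifs[b] > 1)
                    print "VIOLATION " b ": " vifs[b] " domU vifs share this bridge"
            }
        }'
}

sample_brctl_show | audit_bridges xenmgmt
```

On a live dom0 the same function can be fed with `brctl show | audit_bridges xenmgmt`; it does not check whether dom0 holds an IP address on the external bridges.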
