xen-users
Re: [Xen-users] Port based security noob
On Friday 21 October 2005 07:29, Richard Sperry wrote:
> I am looking to build an appliance that runs several instances of Linux,
> each running the same Java server app. This way I can grant access to the
> box (hosted solution) to the customer. I do want to lock each instance to
> one port on the physical NIC. Is this possible?
Of course. Either pass the PCI device for each NIC to the right domU, but that
might not work if it's multiple NICs on a single PCI device, or create a
separate bridge for each physical NIC in dom0, and attach only one domU to
each bridge. Run the bridges and NICs without an IP address in dom0. Now even
all domU<->domU traffic will run over the external interfaces.
If you need faster domU<->domU networking, simply create another
"inter-domain" bridge, and connect a secondary virtual NIC in the domUs to
that (if you'd give that bridge an IP inside dom0, you can now even ssh into
your domUs over the internal net, and have sshd in them only bind to that,
think "management net").
/Ernst
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
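
A check for the layout described in the reply above (one domU per physical-NIC bridge, plus an optional shared inter-domain bridge), as an added example that is not part of the original post. It assumes Xen's default `vif<domid>.<dev>` backend naming and treats any other bridge port as a physical NIC; the bridge names and the sample `brctl show` output are constructed.

```shell
# Constructed sample of `brctl show` output in dom0 (not from the original post).
sample_brctl_show() {
    cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.feffffffff01       no              eth1
                                                        vif1.0
xenbr2          8000.feffffffff02       no              eth2
                                                        vif2.0
                                                        vif3.0
xenbr-int       8000.feffffffff03       no              vif1.1
                                                        vif2.1
                                                        vif3.1
EOF
}

# Usage: brctl show | audit_bridges <inter-domain-bridge>
# Prints one line per violation; exit status 1 if any bridge breaks the layout.
audit_bridges() {
    awk -v shared="$1" '
    function report(    n, d) {
        if (br == "" || br == shared) return        # inter-domain bridge is exempt
        n = 0
        for (d in doms) n++                         # distinct domain IDs on this bridge
        if (uplinks > 0 && n > 1) {
            printf "VIOLATION %s: %d domUs share one physical NIC\n", br, n
            bad = 1
        }
        if (uplinks > 1) {
            printf "VIOLATION %s: %d physical NICs on one bridge\n", br, uplinks
            bad = 1
        }
    }
    function port(p,    parts) {
        if (p ~ /^vif[0-9]+\.[0-9]+$/) {            # assumed domU backend: vif<domid>.<dev>
            split(substr(p, 4), parts, ".")
            doms[parts[1]] = 1
        } else {
            uplinks++                               # assumed: anything else is a physical NIC
        }
    }
    $1 == "bridge" && $2 == "name" { next }         # header row
    NF >= 3 {                                       # first row of a bridge
        report()
        br = $1; uplinks = 0; split("", doms)
        if (NF >= 4) port($4)
        next
    }
    NF == 1 { port($1) }                            # continuation row: one more port
    END { report(); exit bad + 0 }
    '
}
```

On the sample, `sample_brctl_show | audit_bridges xenbr-int` flags `xenbr2`, where domains 2 and 3 sit behind the same uplink and can reach each other without leaving the box.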