| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
Re: [Xen-users] dom0 networking
Hi Paolo
Am Freitag 07 Juli 2006 06:02 schrieb Paolo Supino:
> Hi
>
> I have a bit of a problem that I have to overcome. I have 2 networks
> that I need to run different system on (DMZ and internal). I have one
> computer that has two NICs and I thought of doing the following: Setup
> Xen and run dom0 without giving it an IP address. Setup one domU that is
> bridged through the first NIC and a second domU that is bridge through a
> second bridge on the second interface.
Should be possible. You could even hide the nics from dom0 and hand them over
to the domU. Thats my current setup.
> The result of this setup is that
> I have 2 domUs that are totally separated even on the network level and
> dom0 that is unreachable because it doesn't exist in layer 3 and above.
> The questions I have:
> 1. Is it possible not to give dom0 an IP address at all and still have
> the domU be able to network?
Yup. Since in standard setup the physical device and the device dom0 sees as
eth0 are different. The physical device becomes peth0 and is attached to a
bridge and veth0 is renamed to eth0 and then gets the ip and mac of the old
eth0.
you just might want to modify /etc/xen/scripts/network-bridge. There might be
an easier way which I'm missing right now, since I myself just started
> 2. Is such a setup has a security weakness that I'm not seeing?
Don't know about that one...
Jonathan
pgpw0E7IL70Sn.pgp
Description: PGP signature
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
| |
|
Home