xen-users
[Xen-users] Best practice for firewall in domU
 
Sorry if this has been discussed before, but I am having trouble finding a definite answer...

I am setting up a co-located server with a single NIC and 2 IPs. I believe I want to run a firewall in the first domU (consuming 1 IP address), a web-serving domU with 2 network interfaces (other public IPs as DMZ and private network) and several other domUs with only private network interfaces (running app + db servers). I want to bridge the private network to a tun/tap openvpn server in the firewall domU. Dom0 should probably be connected to the management interface. This all seems doable in Xen with the current version.

I can successfully use pciback to hide the Ethernet adapter from dom0 and configure it in the firewall domU. Is this considered a best practice? If so, how do I bridge/route the other IP to the second domU?

I am currently assuming I would want two bridges defined in the dom0, one for the public IPs and one for the private network. If this is the case, how should I go about creating the bridges in a dom0 that has no Ethernet adapter? The private network's bridge would want to be accessible from dom0, the DMZ bridge definitely not.

Any thoughts would be greatly appreciated.

Darrin.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
 
- [Xen-users] Best practice for firewall in domU,
Darrin Wortlehock <=
 
 