This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] transparant (secure) bridge

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] transparant (secure) bridge
From: Luciano Rocha <strange@xxxxxxxxxxxxx>
Date: Tue, 8 Apr 2008 17:04:54 +0100
Delivery-date: Tue, 08 Apr 2008 09:05:50 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <dad39cd60804080850l57e1fe3cj73a1fdbf0344830c@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <dad39cd60804080850l57e1fe3cj73a1fdbf0344830c@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.14 (2007-03-31)
On Tue, Apr 08, 2008 at 05:50:56PM +0200, Jeroen Kleijer wrote:
> Hi all,
> I've been reading up on the xen networking options / differences as
> written in http://wiki.kartbuilding.net/index.php/Xen_Networking and
> see a couple of examples that interest me like the (default) bridging
> but also the routed networking.
> However, the thing I'm most interested in would be transparant network
> bridging like a firewall bridge where the bridging host (dom0) has no
> exposed IP address to the outside world and is only accessible through
> the console or a completely separate management interface (eth1, not
> accessible from any of the domU's)
> Since dom0 has no IP interface exposed to the outside but only acts as
> a bridge from the outside to the domU's, that would make the dom0 a
> bit more secure.
> Would such a implementation be feasible or does the dom0 network
> interface always have to have an IP stack for the bridging to work?

The IP interface doesn't have to have an IP address, just be up, but I
don't know if such configuration is supported by xen's network
configuration scripts.


Attachment: pgpwrAtoF43Vf.pgp
Description: PGP signature

Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>