WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] NET Network / Server running on internal Network not rea

To: Dustin.Henning@xxxxxxxxxxx
Subject: Re: [Xen-users] NET Network / Server running on internal Network not reachable
From: "Christopher Isip" <cmisip@xxxxxxxxx>
Date: Thu, 17 Jul 2008 17:55:34 -0400
Cc: "Robert M. Münch" <robert.muench@xxxxxxxxxxxxxxx>, xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>


On Sat, Jul 12, 2008 at 11:42 PM, Christopher Isip <cmisip@xxxxxxxxx> wrote:
> I am going to try to see if I can create a domU webserver. I need it to host anyterm. There might be some xen peculiarities at work here that I am not aware of. If I get a working configuration, I can post it here. First I will post a question to the list regarding security of dmz domUs in bridged interfaces.
>
> Chris


I managed to get a couple of dmz webservers running in xen domUs. I got it done without the use of iptables or ebtables. I used shorewall. It's nowhere near as complicated as the shorewall howtos on the net, although I am not sure how secure the setup would be. I have another thread in the list addressing this.

My configuration is dom0 with two physical nics. One is pcibacked to an Asterisk/DNS/IPMasq/Firewall/DHCPServer domU. The other (peth0) is bridged to bridge eth0. My local domUs in this machine are connected to the eth0 bridge. The dmz domUs are connected to a bridge with no physical interface enslaved to it (xenbrD). The Asterisk domU has three interfaces then: eth0 - pcibacked nic (external to the internet), eth1 - the vif interface to the bridged nic (connection to local lan) and eth2 - the vif interface connected to the dmz bridge (connection to the dmz domUs).

If you want to try this configuration, let me know and I can post the details. I used to have dom0 firewall routing but I don't have that setup anymore, although I have some ideas on how it might(?) work.

Chris
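
The post does not include the Shorewall files, so the following is an added example and not the poster's configuration: a Python check over a constructed `/etc/shorewall/policy` for the three-interface firewall domU described above (eth0 external, eth1 LAN, eth2 DMZ), flagging any default policy that lets the DMZ or the internet open connections inward. The zone names `net`, `loc` and `dmz` and the sample policy lines are assumptions.

```python
# Added example: audit Shorewall default policies for the layout in the post.
# Assumed zone names: net = eth0 (internet), loc = eth1 (LAN), dmz = eth2 (xenbrD).
FW = "$FW"  # Shorewall's name for the firewall itself

# Constructed sample in /etc/shorewall/policy format: SOURCE DEST POLICY [LOG]
SAMPLE_POLICY = """\
# SOURCE  DEST  POLICY  LOG
loc       net   ACCEPT
dmz       net   ACCEPT
net       all   DROP    info
all       all   REJECT  info
"""

# Flows that should never be allowed by default in a DMZ design.
INWARD = [("dmz", "loc"), ("dmz", FW), ("net", "loc"), ("net", "dmz"), ("net", FW)]


def parse_policy(text):
    """Return (source, dest, policy) tuples, skipping comments and blank lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rows.append((fields[0], fields[1], fields[2].upper()))
    return rows


def verdict(rows, src, dst):
    """Shorewall applies the first policy line that matches; 'all' matches any zone."""
    for s, d, policy in rows:
        if s in (src, "all") and d in (dst, "all"):
            return policy
    return None  # no default policy covers this pair


def audit_dmz(rows):
    """List inward zone pairs whose default is ACCEPT or is not defined at all."""
    findings = []
    for src, dst in INWARD:
        v = verdict(rows, src, dst)
        if v is None or v.startswith("ACCEPT"):
            findings.append((src, dst, v))
    return findings


if __name__ == "__main__":
    print(audit_dmz(parse_policy(SAMPLE_POLICY)) or "no inward default ACCEPT")
```

This covers default policies only; entries in the rules file, such as a port forward to the DMZ web servers, take precedence over the policy and need their own review.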
