WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] How to disable the public ip in Dom0 and enable on DomU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] How to disable the public ip in Dom0 and enable on DomU
From: Mirco Santori <mirco.santori@xxxxxxxxx>
Date: Sun, 18 Oct 2009 14:28:39 +0200
Delivery-date: Sun, 18 Oct 2009 05:29:30 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=Z2It1LPThewxcB3+O7H3Gog+mO7z+dclwlwpgVw1iTw=; b=qNF4xV+SgItG/nC9frpFWjhiKYnLhHb2aPf7eqjgNpo70zByK/X5cQFUcAlj649klh 4L2/Z9UvkhocB4B5YySneONpEgcyOOiX7d++HbifS9oz2OaNDMeGhTP+VbNmkobFzgug TOV9WWEuQYup0M/nYBwPBlrr7KNrspe0YgQxQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=ZQAykR0cCfzOwquwZZZOtnTmEXbdllWVKgMxHuto1MadNqZkyIfAPo8CCKW5PHeikM gudbyxngtdrZP00VQLbO8NMsc8I32mcsg5LzKu2NWbOqlsrt3vCKC1p8Nc7SRXqg68gB qJ6GOjhegbxVHmMTFULO2L7ar1+KmZY9d295Y=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi All,

i come to you guys due a customization needed on my IT infrastructure.

I have a dedicated physical server (HP Proliant - Ram 12 Gb) where i configured some virtual machine for web services based .
I would like to make some changes to my current configuration in order to improve security and more.
The current configuration needs of two public ip address because i dont know how to configure the DomU (proxy) to have the public ip address without to configure the same on the Dom0 which will share the same nic to the domU.
I am running debian lenny and i am sure many of you know about the problem with the xen script which doesnt work in lenny.
So i decided to create a manual bridge in the /etc/networking/interfaces and to leave the xen script without any changes.

What i wish to do is to don't provide any public access to the dom0 (for security reason and to keep the other ip address for other things).

Here is the current configuration :

Dom0  : host -> ( public ip : 195.xxx.xx.220 - private ip : 192.168.1.10)
DomU  : proxy -> (public ip : 195.xxx.xx.221 - private ip : 192.168.1.11 )
DomU  : php server -> private ip -> 192.168.1.12
DomU  : java server -> private ip -> 192.168.1.13
DomU  : db server -> private ip -> 192.168.1.14

and here is how i would like to change :

Dom0  : host -> ( private ip : 192.168.1.10)
DomU  : proxy -> (public ip : 195.xxx.xx.221 - private ip : 192.168.1.11 )
DomU  : php server -> private ip -> 192.168.1.12
DomU  : java server -> private ip -> 192.168.1.13
DomU  : db server -> private ip -> 192.168.1.14

and here the interface's conf :

auto lo
iface lo inet loopback

auto xenbr0
iface xenbr0 inet static
        address xxxxxxx
        netmask 255.255.255.xxx
        network xxxxxxxx
        broadcast xxxxxxxx
        gateway xxxxxxx
        bridge_ports eth0
        bridge_stp off
        bridge_maxwait 0
        dns-nameservers xxx.xx
        dns-search xxx.com

auto xenbr1
iface xenbr1 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        network 192.168.200.0
        broadcast 192.168.200.255
        gateway xxx.129
        bridge_ports eth1
        bridge_stp off
        bridge_maxwait 0
        dns-nameservers xxx.5
        dns-search xxx.com

Could someone give me some advices or suggest on how to reach my target ?
I am working with the network-bridge .. should i use NAT or ROUTE xen networking ?

The problem is when i tried to un-configure the eth0 in the Dom0 side with a fixed and public ip .. it would not available for the DomU (proxy) as well

many thanks for any answering

N
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>