WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] pfSense HVM

from [Jonathan Tripathy] [Permanent Link][Original]
To: Nicolas Vilz 'niv' <niv@xxxxxxxxxx>, Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] pfSense HVM
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Sat, 29 May 2010 00:46:04 +0100
Cc:
Delivery-date: Fri, 28 May 2010 16:47:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C001295.4040909@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4BFE986C.5000704@xxxxxxxxxxx> <4C001295.4040909@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
actually, i use pfSense in hvm quite a while... it works. recently i tried to get pfSense in pv, but that needs to be polished some time before it is ready to use. (it works, but it is half broken that way and i spent the whole day yesterday to get a clear view on that problem).
That's good that it works well in HVM. What kind of throughput can you get? My co-lo is giving me a 100Mbit connection, thing Xen can handle that?
make sure, you can access that dom0 in event of emergency. If anything happens to your pfsense, which is possible, you probably can't access your dom0 anymore and are stuck and thats probably not what you want.
This is a really good point, and I'm not sure what to do in this case. The only thing I can think of, is to give the 2nd physical NIC on the server access to the Dom0 directly (bypassing the pfSense firewall DomU), however I'm not sure if my co-lo can provision this without extra costs...
btw, you don't need to passthrough your nic for that behavior. In a bridged setup you just have to leave your bridge interface to the outside without an ip address.
Since the NIC will be the physical interface for the WAN, I thought I would use PCI Passthrough for extra security? So that the Dom0 has *no access* to the physical NIC? Or am I incorrect? 


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Anyone able to NFS boot on xen 4.x ?, Bruce Edge
Next by Date:  Re: [Xen-users] pfSense HVM, Jonathan Tripathy
Previous by Thread:  Re: [Xen-users] pfSense HVM, Jonathan Tripathy
Next by Thread:  Re: [Xen-users] pfSense HVM, Nicolas Vilz 'niv'
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy