WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] Managed Firewall

from [Jonathan Tripathy] [Permanent Link][Original]
To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Managed Firewall
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Sat, 12 Jun 2010 18:28:02 +0100
Cc:
Delivery-date: Sat, 12 Jun 2010 10:29:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4 
Hi everyone,
Once I roll out my Xen VPS hosting solution, I wish to provide a "managed firewall" service to my customers. What I wish to do is to use my firewall (which will sit on the edge between the ISP WAN and my VM's LAN) to filter traffic between the WAN and the LAN VMs (this is easy), as well as filter between the VMs.
Now, this "firewall" will actually be a "filtering bridge" as the VMs will be using public IPs, so the firewall's WAN and LAN interfaces will be bridged together. My question is, how can I "force" all traffic from each VM host to go back out via the firewall? Is it just a matter of using iptables/ebtable in the bridge in the Dom0 to make sure that the vifs can only communicate with the physical interface (which will be connected to the firewall) ?
I think the hardest part will be to configure the switch in such a way that it doesn't route traffic directly to the destination VM. 

The firewall will be using pfsense by the way.

Any help or tips is very much appreciated.

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] DSN: failed (), Mailbot for etexusa . com
Next by Date:  Re: [Xen-API] [XCP]: RC1 of XCP 0.5 available for testing, Marco Sinhoreli
Previous by Thread:  [Xen-users] DSN: failed (), Mailbot for etexusa . com
Next by Thread:  Re: [Xen-users] Managed Firewall, Simon Hobson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy