xen-users
Re: [Xen-users] firewall in domU
Tamás Pisch wrote:
> I use Xen on two Debian server now. On one, I'm
> going to install a router/firewall in a domU
> (dedicated for this task). It seems, the best
> would be to hide the wan interface from dom0
> with pci passthrough. Unfortunately, the two
> servers aren't identical. The older doesn't have
> vt-d support, ...
It works without vt-d (or iommu).
On my old amd-64 box I boot it with:
title Xen 3.2-1-amd64 / Debian 2.6.26-bpo.2-xen-amd64 - Ext Eth & DVB tuner hidden
root (hd0,0)
kernel /xen-3.2-1-amd64.gz dom0_mem=512M
module /vmlinuz-2.6.26-bpo.2-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)
module /initrd.img-2.6.26-bpo.2-xen-amd64
Then in my firewall DomU I have :
pci=['01:07.0']
in the config file.
That's all from Debian. Dom0 has Etch with xen
3.2.1, and as you can see above, kernel
2.6.26-xen from Backports. DomU is Squeeze
running 2.6.26-xen from the standard
repositories. DomU used to be an older version -
I upgraded it recently for some IPv6 stuff I have
been playing with.
I did try Squeeze & 2.6.32 on a new AMD-64 box
(an HP Microserver) and the same setup worked,
but I had some performance issues with MythTV as
a guest and the tuner didn't seem to want to work
with more than 4G RAM in the machine and a Xen
kernel (works fine with 8G and a non-Xen kernel).
Since I could get another Microserver for £140
after cashback, I decided to give MythTV its own
box and get a second for everything else.
In later versions, pciback.hide is now
xen-pciback.hide. In my DomU I needed iommu=soft
but not swiotlb=force.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
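A consistency check for the setup described in this message, as an added example that is not part of the original post: it reads the dom0 boot entry for pciback.hide= (or xen-pciback.hide= on later versions) and a domU config's pci=[...] list, and reports any device the domU requests that has not been hidden from dom0. The function names and the second sample config (DOMU_BAD) are assumptions constructed for illustration.

```python
import re

# PCI address: optional 4-hex-digit domain, then bus:slot.function
BDF = re.compile(r"(?:([0-9a-fA-F]{4}):)?([0-9a-fA-F]{2}):([0-9a-fA-F]{2})\.([0-7])")

def _bdfs(text):
    """Return the set of PCI addresses in text, normalised to dddd:bb:ss.f."""
    return {f"{(d or '0000').lower()}:{b.lower()}:{s.lower()}.{f}"
            for d, b, s, f in BDF.findall(text)}

def hidden_devices(boot_entry):
    """Devices listed in pciback.hide= / xen-pciback.hide= on the dom0 kernel line."""
    found = set()
    for m in re.finditer(r"(?:xen-)?pciback\.hide=((?:\([^)\s]*\))+)", boot_entry):
        found |= _bdfs(m.group(1))
    return found

def domu_devices(domu_cfg):
    """Devices requested by the pci=[...] list of a domU config file."""
    found = set()
    # Anchored at line start so commented-out '#pci=...' lines are ignored.
    for m in re.finditer(r"^\s*pci\s*=\s*\[(.*?)\]", domu_cfg, re.M | re.S):
        found |= _bdfs(m.group(1))
    return found

def audit(boot_entry, domu_cfg):
    """Compare what dom0 hides with what one domU is configured to receive."""
    hidden, wanted = hidden_devices(boot_entry), domu_devices(domu_cfg)
    return {"not_hidden": sorted(wanted - hidden),
            "hidden_not_assigned_here": sorted(hidden - wanted)}

# Boot lines and domU setting as given in the message above.
BOOT = """kernel /xen-3.2-1-amd64.gz dom0_mem=512M
module /vmlinuz-2.6.26-bpo.2-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)
"""
DOMU_OK = "pci=['01:07.0']\n"
# Constructed sample: requests a device that dom0 was never told to hide.
DOMU_BAD = "pci = [ '01:07.0', '0000:01:08.0' ]\n"

if __name__ == "__main__":
    print(audit(BOOT, DOMU_OK))
    print(audit(BOOT, DOMU_BAD))
```

An entry under not_hidden means dom0 still owns that device; hidden_not_assigned_here is expected when the device belongs to a different domU's config.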