WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] firewall in domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] firewall in domU
From: Joost Roeleveld <joost@xxxxxxxxxxxx>
Date: Thu, 25 Aug 2011 18:24:34 +0200
On Thursday, August 25, 2011 07:34:36 AM Tamás Pisch wrote:
> Hi,
> 
> I use Xen on two Debian servers now. On one, I'm going to install a
> router/firewall in a domU (dedicated for this task). It seems, the best
> would be to hide the wan interface from dom0 with pci passthrough.
> Unfortunately, the two servers aren't identical. The older doesn't have vt-d
> support, but I have to install the firewall on it, because the newer has
> bigger load now.
> My question is: how can I use software pci passthrough?

As Simon mentioned, you don't need vt-d to pass a network card through
(provided the card plays nice).

I have had some NICs that didn't allow this, and as long as you don't give the
WAN-network card an IP, it should not be possible to access the host directly.

--
Joost
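
A way to verify the "no IP on the WAN card" condition from dom0, as an added example that is not part of the original message: it parses `ip -o addr show` output and reports every address bound to the WAN-facing interface, including IPv6 link-local addresses, which the kernel can assign on its own when the interface comes up. The interface names (`eth0`, `eth1`) and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: confirm the WAN-facing interface carries no L3 address in dom0.
# Interface names and sample data are assumptions, not taken from the thread.

# Constructed sample in the one-line-per-address format of `ip -o addr show`.
# eth1 has no IPv4 configured, yet still holds an IPv6 link-local address.
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::21b:21ff:fe3c:9d10/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# addrs_on_if IFNAME
# Reads `ip -o addr show` text on stdin and prints "family address/prefix"
# for every IPv4 or IPv6 address bound to IFNAME.
addrs_on_if() {
    awk -v ifn="$1" '
        $2 == ifn && ($3 == "inet" || $3 == "inet6") { print $3, $4 }
    '
}

# wan_is_unaddressed IFNAME
# Returns 0 when IFNAME has no address at all, 1 otherwise (details on stderr).
wan_is_unaddressed() {
    found=$(addrs_on_if "$1")
    if [ -n "$found" ]; then
        printf 'WARNING: %s is addressed in dom0:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Live use in dom0 (assumed WAN interface name eth1):
#   ip -o addr show | wan_is_unaddressed eth1
```

On a real host, a link-local hit like the one in the sample means IPv6 is still active on that interface even though no address was configured by hand.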
