WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Bridging firewall?

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Bridging firewall?
From: Grzegorz Milos <gm281@xxxxxxxxxxxxxxxx>
Date: Fri, 21 Jan 2005 13:55:35 +0000
Delivery-date: Fri, 21 Jan 2005 13:58:12 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <20050121104919.GF27277@stateless>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20050121104919.GF27277@stateless>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.6.2
> Is it possible with Xen to construct something like the following scenario.
>
> Free/NetBSD (*) domU server running pf or Linux/iptables, acting as a
> routing or bridging firewall for all the other domU guests? Further more
> create virtual DMZ and internal services.
>
> You'd probably keep the dom0 instance otherside this setup, with its own
> filtering arrangement.
>

If you give direct network device access to first domU you can set-up your 
scheme fairly easily. Otherwise (in the standard setup) dom0 will be handling 
all the incomming/outgoing traffic with no involvment from first domU (so no 
firewall possible there). 

Cheers
Gregor

> For instance, you have a subnet 192.168.1.0/24.  Put the dom0 on
> 192.168.1.254. Have the firewall router domU running on 192.168.1.1 and
> acting as the gateway for all the other machines on the subnet.
>
>
> (*) This is my dream, using pf for security and debian for serving the
> applications. ;)
>
> Nicholas
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/xen-devel

-- 
Quidquid latine dictum sit, altum viditur --- Anon


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel