WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] DomU runnirng a firewall for Dom0 and others DomU

To: Pavel Georgiev <pavel@xxxxxxxxxxxx>
Subject: Re: [Xen-users] DomU runnirng a firewall for Dom0 and others DomU
From: "bugone82@xxxxxxxxxxx" <bugone82@xxxxxxxxxxx>
Date: Wed, 01 Mar 2006 15:28:16 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 01 Mar 2006 14:28:58 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <200603011207.59696.pavel@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <44056F9B.9000407@xxxxxxxxxxx> <200603011207.59696.pavel@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5 (Windows/20051201)
could you describe better your solution?
and if i have to use only one eth?
can i forward it on domU with firewall.. then resend the network traffic filtered from domU to a virtual interface on dom0?
and then route that traffic on other domains?


Pavel Georgiev wrote:
I`m using a similar setup - export both netwrk interfaces to DomU and run iptables on that domU (thus no direct inet access is allowed to the dom0, its a good idea to have serial console in case the firewall domU fails).


On Wednesday 01 March 2006 11:55, bugone82@xxxxxxxxxxx wrote:
Hi, someone knows if is it possible to run iptables rules on one DomU,
filtering and forwarding many services to other DomUs and Dom0?
I know it is possible to run rules on Dom0, but i would like to have an
independent firewall (DomU) filtering also what  happens on Dom0.
Any suggestion?

thanks,
Enrico

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
.



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>