WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] confused: How to put packetfilter into domU and isolate

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] confused: How to put packetfilter into domU and isolate dom0 completely?
From: Carsten Aulbert <carsten@xxxxxxxxxxxxxxxx>
Date: Tue, 27 Mar 2007 15:25:03 +0200
Delivery-date: Tue, 27 Mar 2007 06:24:41 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <55361.217.124.118.147.1174998585.squirrel@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4608F27A.8020900@xxxxxxxxxxxxxxxx> <55361.217.124.118.147.1174998585.squirrel@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070306 Thunderbird/1.5.0.10 Mnenhy/0.7.5.666
Hi,

Angel Lopez wrote:

>> give me the correct words to use in search engines? I've seen
>> pciback.hide for the dom0 kernel, but how can I make certain that the
>> filtering domU will get that card?

> I have done this. First, you have to know the PCI ID of the NIC, you can
> get this with the lspci command. Second, you have to tell the PCI ID to
> the kernel, you can indicate this with the pciback.hide parameter. Third,
> you assign the PCI ID to the VM with the pci parameter in the VM config
> file.

Thanks a lot, I somehow missed that part, that pci needed to be on its
own. I always tried to put it into the vif line.

> The hidden NIC doesn't appears in Dom0, you won't see it with ifconfig,
> and it will be available in the DomU that the NIC was assigned to.

Yes, I'm seeing that right now :)

> I only have a problem with this, if I hide eth3 to Dom0 and assign it to a
> DomU, I see the interface in the DomU as eth3 not as eth0... how can I
> rename it? with the "ip link set name" command?

I don't see that, however I just have a single NIC in the computer.
With these settings, I get:

vif = ['bridge=mybridge']
pci=['00:04.0']

eth0 is attached to mybridge
eth1 is the physical nic (physical server has only single nic)

if I set
vif = ['','bridge=mybridge']
pci=['00:04.0']

eth0 is unused
eth1 is attached to bridge
eth2 is the physical nic

Thus it seems the pci device is set always behind the defined vifs.

Thanks for your help, it seems this solution is much easier to handle
than multiple bridges!

Cheers

Carsten


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>