Hi Marc,
I don't want to rush you, but have you already found some time to look at the
config that would match my scheme?
Thank you.
Geert
On Monday 7 May 2007 09:45, Marc Patino Gómez wrote:
> Hi Geert,
>
> your scheme is so cool; I think it is one of the best ways to secure
> Xen. I use a similar config for one of my Xen servers.
> You can do it manually, as Bock said. Normally, I use a wrapper for
> network-bridge. One question:
>
> In CentOS, are there xend-config.sxp and network-bridge scripts? In that case I
> can post the config.
>
> Regards,
>
> Marc
>
> Geert Janssens wrote:
> > Hi Marc,
> >
> > I have already seen two of your network diagrams pass by in the thread, and
> > they both helped me understand Xen networking a lot better.
> >
> > The first diagram explained how to set up a Xen system with 1 physical
> > NIC, where one domU acts as a firewall for the other domUs. In this
> > scenario, dom0 is connected to the bridge that links to the unsafe net
> > (the "outside" network for the domU firewall).
> >
> > The second diagram explained how to set up a Xen system with 2 physical
> > NICs, where dom0 acts as a firewall between the two NICs. It is set up with two
> > bridges, one that connects the internet side of the virtual network
> > (first physical NIC and first virtual NIC) and one that connects the LAN
> > side of the virtual network (second physical NIC for the rest of the LAN,
> > second virtual NIC for dom0 and virtual NICs for the different domUs).
> >
> > Unfortunately, what I am trying to achieve is yet another slight
> > variation. See the attached image.
> >
> > I would like to set up a system with two physical NICs (peth0 and peth1),
> > where the firewall runs in domU.
> >
> > For that I would like to set up two Xen bridges.
> > The first is on the LAN side, and is a typical Xen bridge: one physical
> > NIC, a virtual NIC for dom0 and one for domU.
> >
> > The second would be on the internet side, but it should NOT have a
> > virtual NIC for dom0, only for domU. The idea is that dom0 should not be
> > accessible from the internet, only from the LAN.
> >
> > Is such a setup possible? And if yes, how?
> >
> > Thank you.
> >
> > Geert Janssens
> >
> > P.S. in an earlier attempt I tried to eliminate the second bridge
> > altogether by assigning peth1 directly to the domU with PCI back.
> > Unfortunately, I can't seem to get PCI back working correctly on my
> > system, so I'd like to try this alternative approach.
> >
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
--
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen
Tel : +32 479 339 655
Email: info@xxxxxxxxxxxx