WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Question about using Xen in a periphery firewall/router

Sanjay Arora wrote:

 > The approach I've used at home is to hide a network card from Dom0 (see
 pic-back.hide) and pass it through to a DomU which then sees it as a native
 interface. I then run a firewall in the DomU and the outside traffic does
 NOT go through Dom0.  The route for packets is then :

 > real i/f -> DomU (firewall) -> VIF -> int bridge [ Dom0 | VIF -> DomU ]

Can you advise hoe to set this up?

Use lspci to find the PCI address of the network card.


Edit your host boot menu (/boot/grub/menu.lst) to 'hide' the device from your Dom0 like this :
title           Xen 3.2-1-amd64 / Debian 2.6.18-6-xen-amd64 - Ext Eth hidden
root            (hd0,0)
kernel          /xen-3.2-1-amd64.gz dom0_mem=512M
module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)
module          /initrd.img-2.6.18-6-xen-amd64
savedefault

Note : "module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 ro console=tty0 pciback.hide=(01:07.0)(01:06.0)" is all on one line. In this case I've hidden two devices - one is a network card, the other is a TV tuner. Note that you MUST include leading zeros in the PCI address - ie 01:07.0 is valid, 1:7.0 will NOT work.


Then you make the device available to a DomU like this :
# Config file for Bubbles (Router)

kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'

memory  = '256'

root    = '/dev/sda1 ro'
disk = [ 'phy:/dev/vgmain/bubblesroot,sda1,w', 'phy:/dev/vgmain/bubblesswap,sda2,w', 'phy:/dev/vgbackup/bubblesbackup,sda3,w' ]

name    = 'bubbles'

pci=['01:07.0']
vif  = [ 'bridge=eth0,ip=192.168.0.2,mac=00:16:3e:35:f4:02' ]

on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

Search for "pciback" in the Xen documentation for more info - there other ways of doing it, but this is reasonably simple to set up.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users