WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] How to disable the public ip in Dom0 and enable on DomU

from [Sergey Vlasov] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] How to disable the public ip in Dom0 and enable on DomU
From: Sergey Vlasov <vsu@xxxxxxxxxxx>
Date: Sun, 18 Oct 2009 21:46:19 +0400
Delivery-date: Sun, 18 Oct 2009 10:46:57 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <bf0c4f970910180528v451e0418q4bbff54e2a46788a@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <bf0c4f970910180528v451e0418q4bbff54e2a46788a@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
On Sun, Oct 18, 2009 at 02:28:39PM +0200, Mirco Santori wrote:
[...]
> What i wish to do is to don't provide any public access to the dom0 (for
> security reason and to keep the other ip address for other things).
[...]
> and here the interface's conf :
> 
> auto lo
> iface lo inet loopback
> 
> auto xenbr0
> iface xenbr0 inet static
>         address xxxxxxx
>         netmask 255.255.255.xxx
>         network xxxxxxxx
>         broadcast xxxxxxxx
>         gateway xxxxxxx
>         bridge_ports eth0
>         bridge_stp off
>         bridge_maxwait 0
>         dns-nameservers xxx.xx
>         dns-search xxx.com

Just use "inet manual" instead of "inet static":

auto xenbr0
iface xenbr0 inet manual
        bridge_ports eth0
        bridge_stp off
        bridge_maxwait 0

With "inet manual" the network initialization scripts will just bring
the interface up without assigning an IP address - which is exactly
what you need for this bridge.

> auto xenbr1
> iface xenbr1 inet static
>         address 192.168.1.10
>         netmask 255.255.255.0
>         network 192.168.200.0
>         broadcast 192.168.200.255
>         gateway xxx.129
>         bridge_ports eth1
>         bridge_stp off
>         bridge_maxwait 0
>         dns-nameservers xxx.5
>         dns-search xxx.com
> 
> Could someone give me some advices or suggest on how to reach my target ?
> I am working with the network-bridge .. should i use NAT or ROUTE xen
> networking ?

Using NAT or ROUTE requires assigning a public IP to dom0 (which then
will be shared with domU when using NAT, or will be used as a gateway
when using ROUTE); only bridge networking can work without IP address
in dom0.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Power management in hypervisor, Birger Brunswiek
Next by Date:  [Xen-users] Configuring a NIC for DOM0 and DOMU, John Preston
Previous by Thread:  [Xen-users] How to disable the public ip in Dom0 and enable on DomU, Mirco Santori
Next by Thread:  Re: [Xen-users] How to disable the public ip in Dom0 and enable on DomU, Mirco Santori
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy