[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Date: Sat, 22 Aug 2009 20:39:38 +0100
Delivery-date: Sat, 22 Aug 2009 12:40:37 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

Sanjay Arora wrote:

 > The approach I've used at home is to hide a network card from Dom0 (see

 pic-back.hide) and pass it through to a DomU which then sees it as a native
 interface. I then run a firewall in the DomU and the outside traffic does
 NOT go through Dom0.  The route for packets is then :

 > real i/f -> DomU (firewall) -> VIF -> int bridge [ Dom0 | VIF -> DomU ]

Can you advise hoe to set this up?


Use lspci to find the PCI address of the network card.

Edit your host boot menu (/boot/grub/menu.lst) to 'hide' the devicefrom your Dom0 like this :

title           Xen 3.2-1-amd64 / Debian 2.6.18-6-xen-amd64 - Ext Eth hidden
root            (hd0,0)
kernel          /xen-3.2-1-amd64.gz dom0_mem=512M
module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 roconsole=tty0 pciback.hide=(01:07.0)(01:06.0)
module          /initrd.img-2.6.18-6-xen-amd64
savedefault

Note : "module /vmlinuz-2.6.18-6-xen-amd64 root=/dev/sda3 roconsole=tty0 pciback.hide=(01:07.0)(01:06.0)" is all on one line. Inthis case I've hidden two devices - one is a network card, the otheris a TV tuner. Note that you MUST include leading zeros in the PCIaddress - ie 01:07.0 is valid, 1:7.0 will NOT work.



Then you make the device available to a DomU like this :

# Config file for Bubbles (Router)

kernel  = '/boot/vmlinuz-2.6.18-6-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.18-6-xen-amd64'

memory  = '256'

root    = '/dev/sda1 ro'

disk = [ 'phy:/dev/vgmain/bubblesroot,sda1,w','phy:/dev/vgmain/bubblesswap,sda2,w','phy:/dev/vgbackup/bubblesbackup,sda3,w' ]


name    = 'bubbles'

pci=['01:07.0']
vif  = [ 'bridge=eth0,ip=192.168.0.2,mac=00:16:3e:35:f4:02' ]

on_poweroff = 'destroy'
on_reboot   = 'restart'
on_crash    = 'restart'

Search for "pciback" in the Xen documentation for more info - thereother ways of doing it, but this is reasonably simple to set up.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] Question about using Xen in a periphery firewall/router scenario
  - From: Sanjay Arora
- Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario
  - From: Simon Hobson
- Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario
  - From: Sanjay Arora

Prev by Date: Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario
Next by Date: Re: Re: [Xen-users] Latest working -xen kernel?
Previous by thread: Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario
Next by thread: Re: [Xen-users] Question about using Xen in a periphery firewall/router scenario
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.