Mailing List Archive: Re: Firewall in domU, networking in XEN

Mailing List Archive: Xen: Users
Re: Firewall in domU, networking in XEN

Index | Next | Previous | View Flat

linux at thehobsons

May 10, 2012, 2:15 AM

Views: 1291
Permalink

Re: Firewall in domU, networking in XEN [In reply to]

At 10:44 +0200 10/5/12, =?ISO-8859-2?Q?S=B3awek_Kosowski?= wrote:

>The idea for custom network script for dom0

Really, DON'T use network script - comment it out (ie don't use it at
all) and use the host OS tools. network script is deprecated and is a
hangover from the days when most distros didn't provide
easy/convenient tools for managing bridges.

Now that most distros have good tools for this, there isn't really
any need for Xen's network script - and using the OS tools means
you'll have a config that works even when booting the host OS without
Xen (eg for troubleshooting).

For example, in Debian you can (I think) do this in /etc/network/interfaces :

auto ethext
iface ethext inet static
bridge_ports eth0

auto ethint
iface ethint inet static
bridge_ports none
address 192.168.1.x
netmask 255.255.255.0
gateway 192.168.1.1

auto ethdmz
iface ethdmz inet static
bridge_ports none

If I've got it right, this will leave you with three bidges :

ethext has one member, the real NIC eth0. Dom0 has no access to it
(no IP address configured).

ethint has no physical NICs. Dom0 has an IP in this network.

ethdmz also has no physical NIC, and also no access to Dom0.

You'd start up your first DomU for the firewall with VIFs connected
to all three bridges. For all other DomUs you'd connect them to one
or both of ethint and ethdmz according to their requirements.

You can use whatever names you like instead of ethext, ethint, and
ethdmz. Personally I don't like using things like br0, br1, etc as
it's harder to keep track of what's what.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users

Subject	User	Time
Firewall in domU, networking in XEN	slawek.k_xl at wp	Apr 30, 2012, 2:00 AM
Re: Firewall in domU, networking in XEN	ditwal001 at gmail	Apr 30, 2012, 2:28 AM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	Apr 30, 2012, 3:58 AM
Re: Firewall in domU, networking in XEN	linux at thehobsons	Apr 30, 2012, 5:08 AM
Re: Firewall in domU, networking in XEN	ditwal001 at gmail	Apr 30, 2012, 7:19 AM
Re: Firewall in domU, networking in XEN	linux at thehobsons	Apr 30, 2012, 7:38 AM
Re: Firewall in domU, networking in XEN	linux at thehobsons	Apr 30, 2012, 2:51 AM
Re: Firewall in domU, networking in XEN	alk at ondore	Apr 30, 2012, 10:22 AM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	May 3, 2012, 1:50 AM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	May 7, 2012, 1:09 AM
Re: Firewall in domU, networking in XEN	list at fajar	May 7, 2012, 1:18 AM
Re: Firewall in domU, networking in XEN	linux at thehobsons	May 7, 2012, 7:58 AM
Re: Firewall in domU, networking in XEN	cdelorme at gmail	May 7, 2012, 10:57 AM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	May 10, 2012, 1:44 AM
Re: Firewall in domU, networking in XEN	linux at thehobsons	May 10, 2012, 2:15 AM
Re: Firewall in domU, networking in XEN	Ian.Campbell at citrix	May 10, 2012, 6:01 AM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	May 14, 2012, 1:04 AM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	May 23, 2012, 3:56 AM
Re: Firewall in domU, networking in XEN	linux at thehobsons	May 23, 2012, 12:22 PM
Re: Firewall in domU, networking in XEN	slawek.k_xl at wp	May 24, 2012, 1:05 AM

Index | Next | Previous | View Flat

Interested in having your list archived? Contact Gossamer Threads