This morning, I have reconfigured my Xen system to use a routed Xen network configuration. I''ve documented what I did in http://www1.shorewall.net/XenMyWay-Routed.html Yea -- no more Xen bridges! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote:> This morning, I have reconfigured my Xen system to use a routed Xen network > configuration. I''ve documented what I did in > http://www1.shorewall.net/XenMyWay-Routed.html > > Yea -- no more Xen bridges!Apologies for dragging up this old topic, but I have a question. (And I''m greatly appreciative of you showing how to run a firewall in a DomU.) What are the advantages to running your firewall in Dom0 instead of a DomU? Does it make it easier to DNAT to DomUs on the same server? If I''m running the firewall software in a DomU and I have 2 identically configured boxes, it seems like it would be easier to migrate the firewall DomU to another box if we run into hardware issues on the first box. Or maybe I just need to make the backup plan to pull the HDs from the primary box and place them into the secondary box while running the firewall in Dom0. (I''m also working on using bonded interfaces, which is slightly outside the scope of this list.) ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Thomas Harold wrote:> > What are the advantages to running your firewall in Dom0 instead of a > DomU? Does it make it easier to DNAT to DomUs on the same server?For me, the advantage was that I now have one less system to administer. Plus, the overall configuration is simpler.> > If I''m running the firewall software in a DomU and I have 2 identically > configured boxes, it seems like it would be easier to migrate the > firewall DomU to another box if we run into hardware issues on the first > box.That''s certainly true. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV