Michele
2009-Jun-06 10:41 UTC
[Xen-users] With network-route on domU I can ping but nothing else works
Hi, I''ve always used Xen with bridging without any issues, but now, due to security concerns I need to use routing. The domUs need to be accessible from the outside, so I thought of using network-route. I configure everything following the instructions I found here on the mailing list, but when I try to connect to another server on my network (for example, using wget) it say network unreachable, even though pinging that same host works. What could it be? do I need to any rules to iptables in order to make requests other than ICMP work? Thanks a lot for your help. Best, - Michele _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Fajar A. Nugraha
2009-Jun-06 10:50 UTC
Re: [Xen-users] With network-route on domU I can ping but nothing else works
On Sat, Jun 6, 2009 at 5:41 PM, Michele<ftf@interfree.it> wrote:> Hi, > > I''ve always used Xen with bridging without any issues, but now, due to > security concerns I need to use routing.What are your security concerns? I find network-route is too much hassle, so I use network-bridge on every host. The network setup on dom0 is similar to that of a switch with upstream trunk connections and multiple vlans. If (security-wise) you can live with trunks and vlans on switches, you should also be able to use it on dom0. Note that you can also add routing/NAT on top of bridge setup, which makes dom0 networking similar to that of a L3 switch/router. -- Fajar _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users