Hi Dennis,
Dennis wrote:> I have a host with two network cards. One card (eth0) connects to a
> switch. The switch is connected to a firewall which is the gateway for
> the network.
>
> I''d like to set up a few domU machines and have them be on their
own
> network. The domU machines would be able to talk on their own network
> but preferably not to the real physical network (and other machines on
> it). It is important that the firewall be able to give outside
> addresses to the virtual machines though.
>
> I could for instance, hook the 2nd netword card directly to the firewall
> and have the firewall deny traffic between the two networks.
>
> I''m at a bit of a loss though, as my networking knowledge
isn''t the
> greatest. I''m not sure if I should use vif-bridge, vif-route,
vif-nat.
> Not sure if I can do this on the primary nic or if I need both...
>
> Any suggestions?
Perhaps you could look at this thread:
http://lists.xensource.com/archives/html/xen-users/2005-08/msg00315.html
My latest idealistic, theoretical (partly implemented) diagram is here:
http://marcusbrutus.cust.internode.on.net/Computers/v0-4-3/Xen_Firewall_0_4_33
Marcus.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users