bugone82@hotmail.com
2006-Mar-01 09:55 UTC
[Xen-users] DomU runnirng a firewall for Dom0 and others DomU
Hi, someone knows if is it possible to run iptables rules on one DomU, filtering and forwarding many services to other DomUs and Dom0? I know it is possible to run rules on Dom0, but i would like to have an independent firewall (DomU) filtering also what happens on Dom0. Any suggestion? thanks, Enrico _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Pavel Georgiev
2006-Mar-01 10:07 UTC
Re: [Xen-users] DomU runnirng a firewall for Dom0 and others DomU
I`m using a similar setup - export both netwrk interfaces to DomU and run iptables on that domU (thus no direct inet access is allowed to the dom0, its a good idea to have serial console in case the firewall domU fails). On Wednesday 01 March 2006 11:55, bugone82@hotmail.com wrote:> Hi, someone knows if is it possible to run iptables rules on one DomU, > filtering and forwarding many services to other DomUs and Dom0? > I know it is possible to run rules on Dom0, but i would like to have an > independent firewall (DomU) filtering also what happens on Dom0. > Any suggestion? > > thanks, > Enrico > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Alexander
2006-Mar-01 10:16 UTC
Re: [Xen-users] DomU runnirng a firewall for Dom0 and others DomU
On Wed, Mar 01, 2006 at 12:07:59PM +0200, Pavel Georgiev wrote:> its a good idea to have serial console in case the firewall domU fails)....unless you have only remote access and failed domU prevents you from accessing dom0 :) Regards, /Al _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
bugone82@hotmail.com
2006-Mar-01 14:28 UTC
Re: [Xen-users] DomU runnirng a firewall for Dom0 and others DomU
could you describe better your solution? and if i have to use only one eth? can i forward it on domU with firewall.. then resend the network traffic filtered from domU to a virtual interface on dom0? and then route that traffic on other domains? Pavel Georgiev wrote:> I`m using a similar setup - export both netwrk interfaces to DomU and run > iptables on that domU (thus no direct inet access is allowed to the dom0, its > a good idea to have serial console in case the firewall domU fails). > > > On Wednesday 01 March 2006 11:55, bugone82@hotmail.com wrote: > >> Hi, someone knows if is it possible to run iptables rules on one DomU, >> filtering and forwarding many services to other DomUs and Dom0? >> I know it is possible to run rules on Dom0, but i would like to have an >> independent firewall (DomU) filtering also what happens on Dom0. >> Any suggestion? >> >> thanks, >> Enrico >> >> _______________________________________________ >> Xen-users mailing list >> Xen-users@lists.xensource.com >> http://lists.xensource.com/xen-users >> > . > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users