Sorry if this has been discussed before, but I am having trouble finding a definite answer... I am setting up a co-located server with a single nic and 2 IP''s. I believe I want to run a firewall in the first domU (consuming 1 IP address), a web-serving domU with 2 network interfaces (other public IPs as DMZ and private network) and several other domU''s with only private network interfaces (running app + db servers) . I want to bridge the private network to a tun/tap openvpn server in the firewall domU. Dom0 should probably be connected to the management interface. This all seems doable in Xen with the current version. I can successfully use pciback to hide the ethernet adapter from dom0 and configure it in the firewall domU. Is this considered a best practice? If so, how do I bridge/route the other IP to the second domU? I am currently assuming I would want two bridges defined in the dom0, one for the public IP''s and one for the private network. If this is the case, how should I go about creating the bridges in a dom0 that has no ethernet adapter? The private network''s bridge would want to be accessible from dom0, the DMZ bridge definitely not. Any thoughts would be greatly appreciated. Darrin. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Darrin, On Monday 02 October 2006 11:09, Darrin Wortlehock wrote:> I am currently assuming I would want two bridges defined in the dom0, > one for the public IP''s and one for the private network. If this is > the case, how should I go about creating the bridges in a dom0 that > has no ethernet adapter? The private network''s bridge would want to > be accessible from dom0, the DMZ bridge definitely not.Create the necessary additional interfaces/bridges in Dom0 using the dummy interface, then export them to the firewall DomU. The firewall DomU will see them as network interfaces. When you create the other DomU''s, attach them to the appropriate bridges. You can put all your DomUs on private IPs and use port forwarding on the firewall DomU. The firewall DomU can then have both of your real IPs on the eth0 interface. I hope this helps? I am running a similar setup, and can provide some further assistance if you need it, though a lot of the information is on the lists as well. My assistance would be Debian-specific, however,as that is what I am running on my Dom0. -Alan _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Hi Darrin, On Monday 02 October 2006 11:09, Darrin Wortlehock wrote:> I am currently assuming I would want two bridges defined in the dom0, > one for the public IP''s and one for the private network. If this is > the case, how should I go about creating the bridges in a dom0 that > has no ethernet adapter? The private network''s bridge would want to > be accessible from dom0, the DMZ bridge definitely not.Create the necessary additional interfaces/bridges in Dom0 using the dummy interface, then export them to the firewall DomU. The firewall DomU will see them as network interfaces. When you create the other DomU''s, attach them to the appropriate bridges. You can put all your DomUs on private IPs and use port forwarding on the firewall DomU. The firewall DomU can then have both of your real IPs on the eth0 interface. I hope this helps? I am running a similar setup, and can provide some further assistance if you need it, though a lot of the information is on the lists as well. My assistance would be Debian-specific, however,as that is what I am running on my Dom0. -Alan _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users