Hello everyone,

I'm wishing to consolidate my home network using Xen and I hope somebody can advise.

My current setup consists of 4 FreeBSD servers in the following configuration.

IP: /29 fully routable subnet:

DSL Router --> FreeBSD Bridge Firewall --> ETHERNET SWITCH
ETHERNET SWITCH---> BRIDGE FIREWALL (MANAGEMENT)
ETHERNET SWITCH---> HTTP SERVER (FreeBSD / Apache)
ETHERNET SWITCH---> SMTP SERVER (FreeBSD / Postfix)
ETHERNET SWITCH---> NAT GATEWAY (FreeBSD)
NAT GATEWAY---> PRIVATE LAN
PRIVATE LAN IP: /24 subnet (RFC 1918)

OK, I hope that made sense :)

Now what I would like to do is consolidate my 4 servers into one server based on a Xen-type architecture. Here is an ASCII representation of how I would see this coming together:

DSL ROUTER (eth0)
\/
\/
-----------------------Dom0-----------------------------------------------------
| | BRIDGE / FIREWALL | | | | | | <=Management Interface
| VIRTUAL HUB---/ | | | | | | | | |
SMTPD HTTPD | | | | NAT GATEWAY | |
-------------------------------------------------------------------------------------
\/
\/
PRIVATE LAN (eth1)

My question: Would this work or have I misunderstood something? If it will work, how secure would it be?

Hope somebody can help me....

Many thanks
Athena

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Should be possible. There will be two routers: the bridge firewall and the NAT gateway.

My recommendation is to create a bridge without any physical interfaces connected to it, let's call it vif-bridge. Pciback the NIC card that connects to the DSL router (say eth0) and pciback the NIC card that connects to the private LAN segment (say eth1).

domU-bridge-firewall will have two legs, the pcibacked eth0, and the vif from vif-bridge.
domU-http-server will have just the vif from vif-bridge.
domU-smtp-server will have just the vif from vif-bridge.
domU-nat-gateway will have the pcibacked eth1 and vif from vif-bridge.

I am not sure how you would set the default route though with having two routers. I assume that you would need to set the host LAN machines' default route to the NAT gateway and the NAT gateway's default route to the bridge firewall. The SMTP and HTTP domUs' default route might have to be set to the bridge firewall.

Of course, I could be completely wrong on this. Maybe somebody else could chime in.

Chris
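
The layout Chris describes, written out as an added example (not part of either post and not Xen project code): a Python script that renders the network lines of each domU's config file and checks that only the firewall and NAT gateway guests hold a physical NIC. The PCI addresses are constructed placeholders, and `render_cfg` and `check_topology` are hypothetical helper names.

```python
# Added example: the topology from the reply above, expressed as data.
# PCI addresses are constructed placeholders; look up the real ones with
# `lspci` in dom0 before hiding the NICs from dom0 with pciback.
BRIDGE = "vif-bridge"  # dom0 bridge with no physical interface attached,
                       # e.g. created with `brctl addbr vif-bridge`
TOPOLOGY = {
    "domU-bridge-firewall": {"pci": "0000:01:00.0", "vif": BRIDGE},  # eth0, DSL side
    "domU-http-server":     {"pci": None,           "vif": BRIDGE},
    "domU-smtp-server":     {"pci": None,           "vif": BRIDGE},
    "domU-nat-gateway":     {"pci": "0000:02:00.0", "vif": BRIDGE},  # eth1, LAN side
}

def render_cfg(name):
    """Return the network part of an xm-style domain config for one guest."""
    dom = TOPOLOGY[name]
    lines = [f'name = "{name}"', f"vif  = ['bridge={dom['vif']}']"]
    if dom["pci"]:
        # Passed-through NIC: the guest drives the card directly.
        lines.append(f"pci  = ['{dom['pci']}']")
    return "\n".join(lines)

def check_topology(topology):
    """Return a list of problems that would break the intended segmentation."""
    problems = []
    owners = {}
    for name, dom in topology.items():
        if dom["pci"]:
            if dom["pci"] in owners:
                problems.append(
                    f"{dom['pci']} assigned to both {owners[dom['pci']]} and {name}")
            owners[dom["pci"]] = name
        if dom["vif"] != BRIDGE:
            problems.append(f"{name} is not attached to {BRIDGE}")
    # Only the two routing guests may touch a physical segment.
    multi_homed = sorted(n for n, d in topology.items() if d["pci"])
    expected = ["domU-bridge-firewall", "domU-nat-gateway"]
    if multi_homed != expected:
        problems.append(f"guests with a physical NIC: {multi_homed}, expected {expected}")
    return problems

if __name__ == "__main__":
    for guest in TOPOLOGY:
        print(render_cfg(guest), end="\n\n")
    print(check_topology(TOPOLOGY) or "topology matches the described layout")
```
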