Thank you Simon, you've been very clear. But actually, I wanted all
traffic to be forwarded from dom0 to domU. In my Mini-OS there's just one
application which counts packets with a particular signature, nothing else.
You mentioned PCI-passthrough, which would be useful, I think. My goal now
is not forwarding all packets from dom0 to domU anymore, but using Mini-OS
as a sort of sniffer. It should count all packets with a determined
signature (for example: TCP packets port 80) leading to dom0 passing
through physical interface eth0.
I was trying to find out if Linux bridge implements a sort of port
mirroring. But even if it does, all vifs attached to it have the same MAC
address (fe:ff:ff:ff:ff:ff), so I wouldn't know how to set it.
Is PCI-passthrough useful for my intent? How can I realize it?
Thank you again.
2013/10/3 Simon Hobson <linux@thehobsons.co.uk>
> Luca Giacomoni wrote:
> > I created a domU in which Mini-OS (with lwip) is run. I need to direct
> > all the outbound network traffic to Mini-OS.
>
> Are you trying to use this Mini-OS guest as a firewall ?
> The easy way to do it is to create two bridges - let's call them brint and
> brext.
>
> brext will have two attached devices - eth0 of the host, and eth0 of the
> Mini-OS guest. The host does not need an IP address in this bridge if you
> don't need it to directly access the outside world.
>
> brint will have an IP address for the host, and eth1 of the Mini-OS guest.
> You configure the Mini-OS as a two-port firewall and do all the routing,
> NAT, filtering there.
> For all your other guests, attach them only to brint, and set their
> default gateway to be the internal address of the Mini-OS guest. All their
> traffic now goes through the firewall.
>
> As an alternative, instead of setting up brext, you could use
> PCI-passthrough to make eth0 of the host directly accessible to the guest.
> That way, external traffic doesn't go through the host at all - apart from
> the low level PCIback virtualisation code. This is the setup I ran at home
> for some time - it's now slightly different as I use PPPoE on the firewall
> virtual machine.
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xen.org
> http://lists.xen.org/xen-users
>
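
Added example, not part of the original thread: a C version of the per-frame check that a sniffer guest like the one described above would run, counting IPv4 TCP frames whose source or destination port is 80. The function names and the sample frame are constructed for illustration, and how frames reach the function inside Mini-OS is assumed and not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 16-bit field from a raw frame. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: 1 if the Ethernet frame is IPv4/TCP with source or
 * destination port `port`; 0 otherwise, including truncated frames. */
int frame_matches_tcp_port(const uint8_t *f, size_t len, uint16_t port)
{
    size_t off = 14;                        /* dst MAC, src MAC, EtherType */
    if (len < off) return 0;
    uint16_t type = be16(f + 12);
    if (type == 0x8100) {                   /* skip one 802.1Q VLAN tag */
        if (len < 18) return 0;
        type = be16(f + 16);
        off = 18;
    }
    if (type != 0x0800 || len < off + 20) return 0;   /* IPv4 only */
    const uint8_t *ip = f + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* IP header length */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (ip[9] != 6) return 0;                         /* protocol 6 = TCP */
    if (be16(ip + 6) & 0x1fff) return 0;    /* later fragment: no TCP header */
    if (len < off + ihl + 4) return 0;      /* both port fields must be present */
    return be16(ip + ihl) == port || be16(ip + ihl + 2) == port;
}

/* Hypothetical counter the sniffer would update once per received frame. */
static unsigned long matched;
unsigned long count_frame(const uint8_t *f, size_t len)
{
    if (frame_matches_tcp_port(f, len, 80)) matched++;
    return matched;
}

/* Constructed sample: TCP SYN from 192.0.2.1:49152 to 192.0.2.2:80. */
static const uint8_t sample_http[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,          /* Ethernet */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0,0,  /* IPv4 ... */
    192,0,2,1, 192,0,2,2,                                     /* src, dst */
    0xC0,0x00,0x00,0x50, 0,0,0,1, 0,0,0,0,                    /* ports, seq, ack */
    0x50,0x02,0xFF,0xFF, 0,0,0,0                              /* SYN, window */
};

int main(void)
{
    printf("%lu\n", count_frame(sample_http, sizeof sample_http));
    return 0;
}
```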