From mboxrd@z Thu Jan  1 00:00:00 1970
From: Nicholas Lee <nic-lists@plumtree.co.nz>
Subject: Bridging firewall?
Date: Fri, 21 Jan 2005 23:49:19 +1300
Message-ID: <20050121104919.GF27277@stateless>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <xen-devel-admin@lists.sourceforge.net>
Content-Disposition: inline
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.sourceforge.net>
List-Help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
To: xen-devel@lists.sourceforge.net
List-Id: xen-devel@lists.xenproject.org


Is it possible with Xen to construct something like the following scenario.

Free/NetBSD (*) domU server running pf or Linux/iptables, acting as a
routing or bridging firewall for all the other domU guests? Further more
create virtual DMZ and internal services.

You'd probably keep the dom0 instance otherside this setup, with its own
filtering arrangement.


For instance, you have a subnet 192.168.1.0/24.  Put the dom0 on 192.168.1.254.
Have the firewall router domU running on 192.168.1.1 and acting as the
gateway for all the other machines on the subnet.


(*) This is my dream, using pf for security and debian for serving the
applications. ;)

Nicholas


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl