Hi
My office is getting a Xen on linux server donated. Looks like I'm on
the hook to get it up and running.
Been reading and testing bits and pieces. Most seem pretty
straightforward.
I have a question about using Shorewall on the Xen machine to provide
firewall for the machine Hosts, the
On Tue, Apr 21, 2015 at 07:39:37PM +, ale...@vfemail.net wrote:
>
> IIUC that's one of three ways I can think of to handle the firewall,
>
> (1) 2 ethernet interfaces in the Dom0 host, shorewall on the Dom0
> (2) 1 ethernet interface in the Dom0 host, 1 eth intfc in a DomU guest,
> shorewall
Hi Roberto
On 2015-04-21 19:49, Roberto C. Sánchez wrote:
> Personally, I like the approach of running Shorewall inside of each
> domU. But then, I employ the "every node on the network is untrusted
> by default" approach. I have all the physical interfaces in the dom0
> (with the dom0 onl
On 4/21/2015 12:39 PM, ale...@vfemail.net wrote:
> Hi
>
> My office is getting a Xen on linux server donated. Looks like I'm on
> the hook to get it up and running.
>
> Been reading and testing bits and pieces. Most seem pretty
> straightforward.
>
> I have a question about using Shorewall
ale...@vfemail.net wrote:
> Roberto C. Sánchez wrote:
>> Personally, I like the approach of running Shorewall inside of each
>> domU. But then, I employ the "every node on the network is untrusted
>> by default" approach. I have all the physical interfaces in the dom0
>> (with the dom0 o
Hi Simon
On 2015-04-22 07:02, Simon Hobson wrote:
> With a twist that I have (at home) a DomU just for the external gateway.
Separate from the fw DomU? I've been wondering what makes most sense --
gateway + fw + openvpn all on one DomU, or split them up.
> For physical connectivity, I've do
ale...@vfemail.net wrote:
>> With a twist that I have (at home) a DomU just for the external gateway.
>
> Separate from the fw DomU? I've been wondering what makes most sense --
> gateway + fw + openvpn all on one DomU, or split them up.
One device = FW + router + NAT etc
> So leaning in that
On 2015-04-21 19:59, Tom Eastep wrote:
> As you can tell by the Xen articles on the Shorewall site, I've only
> used approach (1). I was tempted to try (3), but abandoned Xen in favor
> of KVM then LXC. In both of the latter, I also had Shorewall running in
> the host.
>
> Sorry that I can't be of