On Wed, Nov 12, 2008 at 09:00:49PM -0800, Bill Werner wrote: > > > Can a virtual interface be created between Virtual > > instance A and > > > the host network C and stick IPFilter into it to > > act as a second > > > layer of defense incase A is breached? > > > > This should work, but I've not tested it in a long time. Getting > > the configuration right will be tricky. > > Any pointers to any documentation on where to start? How to setup > virtual interfaces, etc?
If I understand your architecture properly (maybe send me the diagram directly?) then you need to run a backend network device in a guest domain with the frontend in dom0. Having the backend in a guest (A) should 'just work'. Getting the frontend working in dom0 (c) involves careful use of 'xm network-attach', including specifying the backend domain (i.e. the domid of A). _______________________________________________ xen-discuss mailing list [email protected]
