On a dedicated root server with 1+X public IP addresses in a hosted environment, running Debian Lenny with Xen 3.2, I want to install multiple domUs. Bridged network route is not an option due to hosting company requirements. They recommend a routed setup, but as far as I can understand this requires spending two public IPs on the dom0, which I can't afford.
In my setup, X domUs will have a public facing IP address and should be reachable from the network. Other domUs should be in private subnets (e.g. 10.0.. / 192.168..) and not reachable from the outside. domUs in the same private subnets should be able to reach each other but not domUs in other private subnets. A plus would be if all traffic (incl. the domUs with public IP addresses) were routed through the dom0 which could act as firewall (iptables?).
Is there anybody who has a setup similar to mine and is willing to share some configuration files and tips?
Best Answer
You should set up two bridges on dom0. You can use the standard entries in /etc/network/interfaces for this. Let's assume your real card is eth0 (and there's a DHCP server behind it) and you have bridge-utils installed. The file could look like this:

You configure /etc/xen/xend-config.sxp with network-bridge and vif-bridge. In each domU config file, you select whether you want it to have direct external access (via br0) or if it should get only access via br1. For this you can use vif lines like those:

Of course, you still have to set up the NAT/masquerading over br1, and the network configuration of the domU should match (i.e. those on br0 should use DHCP and those on br1 should have a static IP in my example above).
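
The NAT/masquerading step the answer leaves open could look like the following. This is an added example, not part of the original answer: it covers only the single private bridge br1, and the subnet 10.0.0.0/24 and the `--print` switch are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for dom0 that masquerades
# the private bridge and blocks connections initiated from outside.
# br0/br1 come from the answer; the subnet is a constructed sample value.

WAN_IF="${WAN_IF:-br0}"              # bridge that holds eth0 and dom0's address
PRIV_IF="${PRIV_IF:-br1}"            # private bridge without physical ports
PRIV_NET="${PRIV_NET:-10.0.0.0/24}"  # assumed subnet of the domUs on br1

# Emit the ruleset on stdout; nothing is applied by this function.
dom0_nat_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Private domUs leave dom0 with dom0's own address.
-A POSTROUTING -s $PRIV_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only replies to connections opened by private domUs may come back in.
-A FORWARD -i $WAN_IF -o $PRIV_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $PRIV_IF -j DROP
# Anti-spoofing: br1 may only forward packets sourced from its own subnet.
-A FORWARD -i $PRIV_IF ! -s $PRIV_NET -j DROP
# The FORWARD policy stays ACCEPT on purpose: if bridge netfilter is active,
# frames bridged inside br0 or br1 also traverse this chain and must pass.
COMMIT
EOF
}

# Print the ruleset only when asked, so sourcing this file has no effect.
if [ "${1:-}" = "--print" ]; then
    dom0_nat_ruleset
fi
```

Review the output, enable `net.ipv4.ip_forward` on dom0, then pipe it to `iptables-restore`, which replaces the existing nat and filter tables.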