Re: Not firewall, but what?




Jussi Hirvi wrote:
> On 9.5.2010 14.03, Kahlil Hodgson wrote:
>> Okay, that makes my head hurt.  Why two VLANs?  What's your mapping
>> between virtual interfaces and guests? And which guest is the bad one?
> 
> Ok, Kal, thank you for very useful ramblings!
> 
> This box is already in production, but I think the most useful approach 
> here is to reconsider my setup.
> 
> I have two public networks here, 62.220.237.x and 62.236.221.x. I want 
> to build a xen system, where some guests connect to one network, some 
> guests to the other one, and some to both. To reduce cabling, I would 
> like to do this with only two nics.
> 
> My solution now is two virtual bridges (I can post nearer details, if 
> needed). And I have now landed into routing difficulties.
> 
> Are there some simpler or otherwise better approaches?

How do you handle the default route on the 'connect to both' guests?  Normally 
you only want one default gateway and it should be the same one where the 
connections are coming in.  Otherwise you have to do some very tricky things to 
make return packets go back the same path they came in, although asymmetrical 
routes are supposed to work if you don't have NAT or stateful firewalls in the way.

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
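
One common way on Linux to make replies leave through the interface the connection arrived on is source-based policy routing with iproute2, sketched here as an added example that is not part of the original message. The host addresses (.10), gateways (.1), /24 masks, interface names and table numbers are assumptions; only the two network prefixes come from the thread.

```shell
#!/bin/sh
# Added example: print the iproute2 commands for a guest attached to
# both networks, so replies go out via the gateway of the address that
# was contacted. Hosts, gateways, /24 masks, eth0/eth1 and table numbers
# 101/102 are assumed values, not taken from the thread.

# policy_route_cmds IFACE NETWORK ADDR GATEWAY TABLE
policy_route_cmds() {
    iface=$1 net=$2 addr=$3 gw=$4 table=$5
    # Assuming /24 networks: the gateway must share the address's first
    # three octets, otherwise replies would leave via the other network.
    if [ "${addr%.*}" != "${gw%.*}" ]; then
        echo "gateway $gw is not on the network of $addr" >&2
        return 1
    fi
    # Per-interface table: connected network plus its own default route.
    echo "ip route add $net dev $iface src $addr table $table"
    echo "ip route add default via $gw dev $iface table $table"
    # Traffic sourced from this address consults that table first.
    echo "ip rule add from $addr lookup $table"
}

dual_homed_plan() {
    policy_route_cmds eth0 62.220.237.0/24 62.220.237.10 62.220.237.1 101 || return 1
    policy_route_cmds eth1 62.236.221.0/24 62.236.221.10 62.236.221.1 102 || return 1
    # One default gateway in the main table for connections the guest
    # opens itself.
    echo "ip route replace default via 62.220.237.1 dev eth0"
}

# Print the plan for review before applying it as root inside the guest.
dual_homed_plan
```
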
