Madi In essence, yes it's the same thing. Only the VMs would have an active IP address, although I have never thought to use a VM as a firewall server (I see that it's routing the 'Internet facing' and 'internal' networks).
In my case I treat the Internet facing bridge as a DMZ so the only access to the VMs is through a hardware firewall/router. Probably because I have one to use; (sodding expensive things normally). Since you are saying that the device is 'peth2' and the bridge is 'xenbr2' I see that you have chosen to persist with that dodgy "network-bridge fudge script", but that's fine if you are happy with how it's all working. I'm glad to hear that it's all working for you. Daz > I think I am doing the same thing, if I understand what you are > suggesting. Being that peth2 is polluted with the internet, dom0's eth2 > has no IP (nor the bridge). The only device with IPs on the > Internet-facing bridge is my firewall's 'eth1' (connected to xenbr2). > Then a firewall protects connections to all other VMs, inc. dom0s. Is > this this indeed what you are doing? > > I've not worried about direct access because, should anything go very > wrong, I can always log into the office's internal network and get at > the nodes via IPMI. > > Anywho, if I misunderstood, let me know. If I am doing the same, then > cool. As they say, geniuses think alike and fools seldom differ. :D > > Cheers! > > Madi > _______________________________________________ Openais mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/openais
