>Shows I still have a lot to learn about Xen. Am I right in thinking
>your setup will still only allow one DomU to use the public IP?

Correct - but see below.

>I went over Tom's documentation again and I see that although
>eth0 has several public IPs, both DomUs (eth3/4) are using the same
>public IP (206.124.146.176). Won't this setup allow multiple DomUs
>to share a single public IP?

Port forwarding and/or proxy arp. IIRC, in Tom's current setup, he uses proxy-arp to pass through certain IPs to machines behind the router. In the case where you only have one public address, you will need to 'port forward' certain traffic to certain hosts - see DNAT.

>What is the difference between a "Hardware nat" and Xen-natted that
>makes it impossible to firewall?

Not sure what you mean by 'hardware nat'. The problem with Xen, NAT, and firewalling is that Xen makes the networking environment very complicated. I really am a loooong way from understanding it, but from comments made by people (like Tom) who know more than I do, it could be that the way the traffic passes through the various bits of the networking system means that it does not pass through the right places in the right order to also support NAT in a meaningful way.
