[Openais] Two questions; Intro to AIS? and TOTEM errors in fence loop

Darren Thompson darrent at akurit.com.au
Tue Nov 3 12:21:19 PST 2009


In essence, yes it's the same thing. Only the VMs would have an active
IP address, although I have never thought to use a VM as a firewall
server (I see that it's routing the 'Internet facing' and 'internal'

In my case I treat the Internet facing bridge as a DMZ so the only
access to the VMs is through a hardware firewall/router. Probably
because I have one to use; (sodding expensive things normally).

Since you are saying that the device is 'peth2' and the bridge is
'xenbr2' I see that you have chosen to persist with that dodgy
"network-bridge fudge script", but that's fine if you are happy with how
it's all working.

I'm glad to hear that it's all working for you.


> I think I am doing the same thing, if I understand what you are 
> suggesting. Being that peth2 is polluted with the internet, dom0's eth2 
> has no IP (nor the bridge). The only device with IPs on the 
> Internet-facing bridge is my firewall's 'eth1' (connected to xenbr2). 
> Then a firewall protects connections to all other VMs, inc. dom0s. Is 
> this this indeed what you are doing?
> I've not worried about direct access because, should anything go very 
> wrong, I can always log into the office's internal network and get at 
> the nodes via IPMI.
> Anywho, if I misunderstood, let me know. If I am doing the same, then 
> cool. As they say, geniuses think alike and fools seldom differ. :D
> Cheers!
> Madi

More information about the Openais mailing list