[Openais] Two questions; Intro to AIS? and TOTEM errors in fence loop
darrent at akurit.com.au
Tue Nov 3 12:21:19 PST 2009
In essence, yes it's the same thing. Only the VMs would have an active
IP address, although I have never thought to use a VM as a firewall
server (I see that it's routing the 'Internet facing' and 'internal'
In my case I treat the Internet facing bridge as a DMZ so the only
access to the VMs is through a hardware firewall/router. Probably
because I have one to use; (sodding expensive things normally).
Since you are saying that the device is 'peth2' and the bridge is
'xenbr2' I see that you have chosen to persist with that dodgy
"network-bridge fudge script", but that's fine if you are happy with how
it's all working.
I'm glad to hear that it's all working for you.
> I think I am doing the same thing, if I understand what you are
> suggesting. Being that peth2 is polluted with the internet, dom0's eth2
> has no IP (nor the bridge). The only device with IPs on the
> Internet-facing bridge is my firewall's 'eth1' (connected to xenbr2).
> Then a firewall protects connections to all other VMs, inc. dom0s. Is
> this this indeed what you are doing?
> I've not worried about direct access because, should anything go very
> wrong, I can always log into the office's internal network and get at
> the nodes via IPMI.
> Anywho, if I misunderstood, let me know. If I am doing the same, then
> cool. As they say, geniuses think alike and fools seldom differ. :D
More information about the Openais