On Fri, Apr 21 2006 - 08:31, Greg Troxel wrote:
> Joel CARNAT <joel%carnat.net@localhost> writes:
>
> > - hide ex1 to dom0 and export it do domU/FW
> > - bridge ex1 from dom0 (without an IP) to domU/FW (with an IP)
>
> Both should work. But, I suspect bridging will be less grief over
> time and upgrades.
>
OK but what about security? I suppose bridging makes dom0 aware of
the traffic and vulnerable to some <whatever-attack>, no ?
For the challenge, I tried hiding one of my 3COM but it doesn't work :(
# pcictl pci0 list
...
000:09:0: 3Com 3c905C-TX 10/100 Ethernet with mngmt (ethernet network, revision
0x6c)
000:11:0: 3Com 3c905C-TX 10/100 Ethernet with mngmt (ethernet network, revision
0x6c)
000:13:0: 3Com 3c905B-TX 10/100 Ethernet (ethernet network, revision 0x30)
# grep hide /grub/menu.lst
kernel (hd0,0,a)/usr/pkg/xen-kernel/xen.gz dom0_mem=131072 com1=9600,8n1
physdev_dom0_hide='(00:0D.0)'
but dom0 still sees the 3 cards...
what did I miss ?
TIA,
Jo
Attachment:
pgps1OKEOxgAV.pgp
Description: PGP signature