On Wed, 15 Nov 2006, Anzi wrote:
> What is the best way to use xen so that dom0 (netbsd3.1) machine has several 
> network cards and only on "managent interface". I mean that DomU:s may be on 
> the dmz zone and dom0 is on the internal network? I think that it is possible 
> with exporting nics as pci devices but is this operational yet?
>
> Anybody has has better ideas?
>
> I currently assigned and public-ip address for DOM0 and DOMU and used 
> standard network-bridge vif. This has the downside that dom0 is then also 
> publicly available (they are behind firewall).

You don't need to give your dom0 external interface an address.

For example, I have:

dom0:
fxp0 (connected externally) - no IP address
wm0 (connected internally) - 192.168.1.11

domU 1:
xennet0 (bridged with wm0) - 192.168.1.12
xennet1 (bridged with fxp0) - external IP address #1

domU 2:
xennet0 (bridged with wm0) - 192.168.1.13
xennet1 (bridged with fxp0) - external IP address #2

Or have I misunderstood your requirements?

-- 
Stephen