I would like to jail my services Mail, HTTP, Dev into separate VMs using Xen. I have one public IP and would like to put all domUs in a private LAN and expose the services via port forwarding.
What is best practice in this case?
- dom0 as a firewall or separated domU instance?
- how to maintain the iptables rules (Xen also creates some rules)?