Re: [Xen-users] Ideal(istic) Xen firewall design
Hi Markus,

Marcus Brown wrote:
> Hi Dirk,
>
> Dirk H. Schulz wrote:
>> Hi Marcus,
>>
>> thanks for so much info! Just a short question before I start digging into your configs: What do you gain by running the firewall inside a privileged guest system instead of inside dom0?
>
> It's modular, restartable, replaceable, ...
> (i.e. I can reboot the firewall without rebooting all the domUs)

That is a very good reason. I did not think of that, I have to admit.

> errr oh, and someone gaining root access to the firewall won't be able to play with xend, or the filesystems of the domUs.

Oh, err, shouldn't it be more difficult to get root access to the firewall than to the other systems? That's one thing firewalls are for, aren't they? :-)

> I'm sure there are other good reasons :)

Yes, there are. This way one could have two firewalls to hide the domU network behind and a VPN server in between just for training (setting up VPN with dynamic routing, e.g.). Lots to play with on rainy weekends. :-) One could even set up complex OSPF scenarios just for testing. I start loving this concept ...

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users