Re: [Xen-users] Xen networking concepts

On Dec 20, 2005 at 1130 -0500, John A. Sullivan III appeared and said:
>
> Fernando made a really important point that I hope didn't slip by. Your
> original e-mail described binding an external IP address to Dom0. I
> would recommend never doing such a thing. If someone compromises dom0,
> they have everything.

Yes, I didn't miss that point.

> [...]
> We heavily shield dom0 with no IP addresses bound to the public
> interface and pass all external traffic through the firewall as you
> proposed.

That's what I have in mind. The problem with the setup is the fact that the server is "heavily colocated", so we probably have to assign Dom0 an external IP address for system administration. I proposed to my colleagues to use a second IP address for the firewall and make the access to Dom0 VPN-only in addition to limiting packets from selected networks only.

Thanks for your insights!

Best,
Lynx.

--
"From the delicate strands, between minds we weave our mesh: a blanket to warm the soul."
--- Lady Deirdre Skye (SMAC) ---