
[Xen-users] Re: firewalls and Xen


  • To: "Patrick Wolfe" <pwolfe@xxxxxxxxxxxxxx>
  • From: "Molle Bestefich" <molle.bestefich@xxxxxxxxx>
  • Date: Fri, 7 Jul 2006 18:21:38 +0200
  • Cc: Luke <secureboot@xxxxxxxxx>, Daniel Goertzen <goertzen@xxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 07 Jul 2006 09:22:42 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Patrick Wolfe wrote:
+-------+   +---------+               +-----------+
| peth0 |---| br0eth0 |       +-------|veth0 dom0 |
+-------+   +---------+       |       +-----------+
                 |            |
            +--eth0--+        |
            |        |        |
            |        e        |
            | fire1  t   +--------+   +-----------+
            | domU1  h---| br2dmz |---|eth0 domU2 |
            |        2   +--------+   +-----------+
            |        |        |
            +--eth1--+        |
                 |            |
+-------+   +---------+       |       +-----------+
| peth1 |---| br1eth1 |       +-------|eth0 domU3 |
+-------+   +---------+               +-----------+

Don't you find it troublesome that all of your domUs can communicate
freely with each other?

I'm thinking that if one domU is breached, a hacker will have total
freedom to poke at any ports on any of the other domUs regardless of
the firewall.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
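
Added example, not part of the original message: a small audit of the bridge layout in the quoted diagram, listing which endpoints share a bridge (so traffic between them never passes through the firewall domU) and which pairs the firewall actually sees. The bridge membership is transcribed from the diagram; the function names and the assumption that only domU1 forwards between bridges are hypothetical.

```python
from itertools import combinations

# Bridge membership transcribed from the diagram quoted in the message.
BRIDGES = {
    "br0eth0": ["peth0", "domU1"],
    "br1eth1": ["peth1", "domU1"],
    "br2dmz": ["domU1", "dom0", "domU2", "domU3"],
}
FIREWALL = "domU1"  # labelled "fire1 domU1" in the diagram

# Assumption: only the firewall domain forwards between bridges, and the
# bridges themselves apply no filtering.

def unfiltered_pairs(bridges, firewall):
    """Endpoint pairs sharing a bridge: their frames never cross the firewall."""
    found = set()
    for bridge, members in bridges.items():
        peers = sorted(m for m in members if m != firewall)
        found.update((a, b, bridge) for a, b in combinations(peers, 2))
    return sorted(found)

def filtered_pairs(bridges, firewall):
    """Endpoint pairs on different firewall-attached bridges: the firewall sees them."""
    attached = {}
    for bridge, members in bridges.items():
        if firewall in members:
            for m in members:
                if m != firewall:
                    attached.setdefault(m, set()).add(bridge)
    return [(a, b) for a, b in combinations(sorted(attached), 2)
            if not attached[a] & attached[b]]

if __name__ == "__main__":
    for a, b, bridge in unfiltered_pairs(BRIDGES, FIREWALL):
        print(f"UNFILTERED {a} <-> {b} via {bridge}")
    for a, b in filtered_pairs(BRIDGES, FIREWALL):
        print(f"filtered   {a} <-> {b} via {FIREWALL}")
```

For this layout the unfiltered set is every pairing of dom0, domU2 and domU3 on br2dmz, which is the exposure the message asks about.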


 

