[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: firewalls and Xen



On Saturday 08 July 2006 03:24, Tom Eastep wrote:
> Molle Bestefich wrote:
> > I'm thinking that if one domU is breached, a hacker will have total
> > freedom to poke at any ports on any of the other domUs regardless of
> > the firewall.
>
> I disagree.In the topology presented in
> http://www.shorewall.net/XenMyWay.html, a breach of the most vulnerable
> domU (the 'lists' domain) cannot compromise any of the other domUs or
> the dom0 or any of the local systems.
>
> -Tom

Hello Tom,
  I'd like to take advantage of your presence here to make tyou a question...
I saw that all your xen configurations use bridging, regardless of the 
complexity of the network topology one needs....  that not wrong in 
principle, of course ..

my curiosity is about a you opinion about advantages and/or disadvantages of 
the the routing in a configuration in which one has a number of domUs not 
needing a public IP and running different services (it is a single server 
with its services splitted on different domUs)..

In this configuration the dom0 being the router/firewal controlling all the 
traffic from the domUs to/from each others and to/from the net/fw...

A your opninion would be very very apreciated as you are a very skilled person 
in this field (of course :-P)

Regards

-- 
Dr. Emiliano Gabrielli - Responsabile Divisione Informatica
email: emiliano.gabrielli@xxxxxxxxxxxxxxxxxx
deArchitettura.com   Via Francesco Tovaglieri, 411 - 00155 Roma
tel: 0645438979 | fax: 0645438980 | url: www.deArchitettura.com
_________________________________________________________________________
CONFIDENZIALE: Le informazioni contenute nella presente comunicazione 
ed i relativi allegati sono confidenziali e riservati. Se avete ricevuto
questo messaggio per errore, vi preghiamo di distruggerlo e di informarci
immediatamente all'indirizzo email info@xxxxxxxxxxxxxxxxxx
Ai sensi del D.Lgs. 196/2003 sulla privacy e dell'art. 616 del c.p. è
proibita qualsiasi forma di riproduzione o divulgazione del documento
trasmesso, senza l'esplicito consenso di deArchitettura.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.