WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

[Xen-users] Re: firewalls and Xen

To: "Patrick Wolfe" <pwolfe@xxxxxxxxxxxxxx>
Subject: [Xen-users] Re: firewalls and Xen
From: "Molle Bestefich" <molle.bestefich@xxxxxxxxx>
Date: Fri, 7 Jul 2006 18:21:38 +0200
Cc: Luke <secureboot@xxxxxxxxx>, Daniel Goertzen <goertzen@xxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Patrick Wolfe wrote:
+-------+   +---------+               +-----------+
| peth0 |---| br0eth0 |       +-------|veth0 dom0 |
+-------+   +---------+       |       +-----------+
                 |            |
            +--eth0--+        |
            |        |        |
            |        e        |
            | fire1  t   +--------+   +-----------+
            | domU1  h---| br2dmz |---|eth0 domU2 |
            |        2   +--------+   +-----------+
            |        |        |
            +--eth1--+        |
                 |            |
+-------+   +---------+       |       +-----------+
| peth1 |---| br1eth1 |       +-------|eth0 domU3 |
+-------+   +---------+               +-----------+

Don't you find it troublesome that all of your domUs can communicate
freely with each other?

I'm thinking that if one domU is breached, a hacker will have total
freedom to poke at any ports on any of the other domUs regardless of
the firewall.

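Added example, not part of the original message or of Xen's own tooling: a dom0-side check that parses `brctl show` output and reports every bridge on which more than one domain other than the firewall is attached, i.e. domains that can reach each other without crossing fire1. The sample output and the domain IDs (0 = dom0, 1 = fire1, 2 = domU2, 3 = domU3) are constructed to match the diagram above.

```python
import re

# Constructed sample of `brctl show` output for the topology in the diagram.
# Assumed domain IDs: 0 = dom0, 1 = fire1, 2 = domU2, 3 = domU3.
SAMPLE = """\
bridge name     bridge id               STP enabled     interfaces
br0eth0         8000.feffffffffff       no              peth0
                                                        vif1.0
br1eth1         8000.feffffffffff       no              peth1
                                                        vif1.1
br2dmz          8000.feffffffffff       no              vif0.0
                                                        vif1.2
                                                        vif2.0
                                                        vif3.0
"""

# Xen backend interfaces are named vif<domid>.<devid>.
VIF = re.compile(r"^vif(\d+)\.(\d+)$")


def parse_brctl(text):
    """Return {bridge: [interfaces]} from `brctl show` output."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if line[0].isspace():                   # continuation: one more port
            if current is not None:
                bridges[current].append(fields[0])
        else:                                   # name, id, STP, [first port]
            current = fields[0]
            bridges[current] = fields[3:]
    return bridges


def unfiltered_peers(bridges, firewall_domid):
    """Map bridge -> domain IDs (firewall excluded) sharing that segment."""
    flagged = {}
    for bridge, ifaces in bridges.items():
        domids = {int(m.group(1)) for i in ifaces if (m := VIF.match(i))}
        peers = sorted(domids - {firewall_domid})
        if len(peers) > 1:                      # two or more guests, no filter between
            flagged[bridge] = peers
    return flagged


if __name__ == "__main__":
    for bridge, peers in unfiltered_peers(parse_brctl(SAMPLE), 1).items():
        print(f"{bridge}: domains {peers} share a segment behind the firewall")
```

On the constructed input only br2dmz is reported, with dom0, domU2 and domU3 as direct layer-2 neighbours.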