WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Re: firewalls and Xen

from [Emiliano Gabrielli] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Re: firewalls and Xen
From: Emiliano Gabrielli <Emiliano.Gabrielli@xxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Jul 2006 10:06:15 +0200
Delivery-date: Mon, 10 Jul 2006 05:22:41 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <44AF094E.6000001@xxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: deArchitettura.com
References: <796A7B7A-174F-4A38-865B-09D316F8CAE8@xxxxxxxxx> <62b0912f0607070921m6d23370dlb0d1af3709ca34b4@xxxxxxxxxxxxxx> <44AF094E.6000001@xxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.3 
On Saturday 08 July 2006 03:24, Tom Eastep wrote:
> Molle Bestefich wrote:
> > I'm thinking that if one domU is breached, a hacker will have total
> > freedom to poke at any ports on any of the other domUs regardless of
> > the firewall.
>
> I disagree.In the topology presented in
> http://www.shorewall.net/XenMyWay.html, a breach of the most vulnerable
> domU (the 'lists' domain) cannot compromise any of the other domUs or
> the dom0 or any of the local systems.
>
> -Tom

Hello Tom,
  I'd like to take advantage of your presence here to make tyou a question...
I saw that all your xen configurations use bridging, regardless of the 
complexity of the network topology one needs....  that not wrong in 
principle, of course ..

my curiosity is about a you opinion about advantages and/or disadvantages of 
the the routing in a configuration in which one has a number of domUs not 
needing a public IP and running different services (it is a single server 
with its services splitted on different domUs)..

In this configuration the dom0 being the router/firewal controlling all the 
traffic from the domUs to/from each others and to/from the net/fw...

A your opninion would be very very apreciated as you are a very skilled person 
in this field (of course :-P)

Regards

-- 
Dr. Emiliano Gabrielli - Responsabile Divisione Informatica
email: emiliano.gabrielli@xxxxxxxxxxxxxxxxxx
deArchitettura.com   Via Francesco Tovaglieri, 411 - 00155 Roma
tel: 0645438979 | fax: 0645438980 | url: www.deArchitettura.com
_________________________________________________________________________
CONFIDENZIALE: Le informazioni contenute nella presente comunicazione 
ed i relativi allegati sono confidenziali e riservati. Se avete ricevuto
questo messaggio per errore, vi preghiamo di distruggerlo e di informarci
immediatamente all'indirizzo email info@xxxxxxxxxxxxxxxxxx
Ai sensi del D.Lgs. 196/2003 sulla privacy e dell'art. 616 del c.p. è
proibita qualsiasi forma di riproduzione o divulgazione del documento
trasmesso, senza l'esplicito consenso di deArchitettura.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-users] pciback.hide on Xen 3.0.1 (plaintext version), Bart van den Heuvel
Next by Date:  Re: [Xen-users] Re: firewalls and Xen, Martti Kuparinen
Previous by Thread:  Re: [Xen-users] Re: firewalls and Xen, Tom Eastep
Next by Thread:  Re: [Xen-users] Re: firewalls and Xen, Patrick Wolfe
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy