WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] Re: firewalls and Xen

from [Molle Bestefich] [Permanent Link][Original]
To: "Patrick Wolfe" <pwolfe@xxxxxxxxxxxxxx>
Subject: [Xen-users] Re: firewalls and Xen
From: "Molle Bestefich" <molle.bestefich@xxxxxxxxx>
Date: Fri, 7 Jul 2006 18:21:38 +0200
Cc: Luke <secureboot@xxxxxxxxx>, Daniel Goertzen <goertzen@xxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 07 Jul 2006 09:22:42 -0700
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RLlyq7ZcS6FKxmuUlwqqrj3X3ycHgQ6E5FlBhFCB/cLLTBCIHLBYZJF/BIr40oeoE8ZDnNRcFIqd4PjTHG2UJnf8yRc7lcqvc1vEE0lLdlNX6n4FfoJQ9zIB3eO0ipBLFnu2Wb6ja/ukCkRbN65m8ZA4NRkQqDF2+10pmzgCefM=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1139939476.19273.45.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <796A7B7A-174F-4A38-865B-09D316F8CAE8@xxxxxxxxx> <43F1F6EC.4010207@xxxxxxxx> <3988B614-F9C1-4DEB-A97C-65AF8E2F8E06@xxxxxxxxx> <43F20903.5050506@xxxxxxxx> <1139939476.19273.45.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Patrick Wolfe wrote:

+-------+   +---------+               +-----------+
| peth0 |---| br0eth0 |       +-------|veth0 dom0 |
+-------+   +---------+       |       +-----------+
                 |            |
            +--eth0--+        |
            |        |        |
            |        e        |
            | fire1  t   +--------+   +-----------+
            | domU1  h---| br2dmz |---|eth0 domU2 |
            |        2   +--------+   +-----------+
            |        |        |
            +--eth1--+        |
                 |            |
+-------+   +---------+       |       +-----------+
| peth1 |---| br1eth1 |       +-------|eth0 domU3 |
+-------+   +---------+               +-----------+


Don't you find it troublesome that all of your domUs can communicate
freely with each other?

I'm thinking that if one domU is breached, a hacker will have total
freedom to poke at any ports on any of the other domUs regardless of
the firewall.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] Re: VLAN script, Molle Bestefich
Next by Date:  Re: [Xen-users] xenconsole via ssh, Alessio Curri
Previous by Thread:  [Xen-users] Re: VLAN script, Molle Bestefich
Next by Thread:  Re: [Xen-users] Re: firewalls and Xen, Tom Eastep
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy