[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] NFS and interface security

Two Xen features I like very much:

- Virtual domains can't see each others' traffic via 'tcpdump', which
  means that, for instance, guests using NFS root partitions are
  relatively isolated from each other on the wire.

- In a virtual domain, I can't simply 'ifconfig eth0:1 ip.on.my.lan' and
  expect it to route; i.e. virtual domains can't steal IP addresses.

Kudos to whoever made this work right.  Am I correct in my
interpretations here?  I.e. is this as secure as it looks?

There's a note in TODO that says "The current virtual firewall/router is
completely broken."  Is this still valid?

Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
http://www.stevegt.com -- http://Infrastructures.Org 

The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.