Re: [Xen-users] Running workstation and firewall on the same hardware
On Mon, 8 Aug 2005, Mark Williamson wrote:

> > I'm a paranoid SuSE guy.
>
> That's the most succinct introduction we've had in a while :-)
>
> > Recently I discovered Xen, and thought that I could use it to combine
> > the workstation and firewall in one piece of hardware.
> >
> > First plan was to create 3 xen domains: Dom0, WS and FW
> >
> > But it seems to be quite a job to the all my fancy hardware available
> > to anything but Dom0
>
> Yep, right now it's easiest to give all that stuff to dom0.
>
> > Next idea is to only have two domains: Dom0 and FW. And then use Dom0
> > for workstation.
> >
> > What are your suggestions?
>
> Conceptually the simplest would be to have dom0 forward *link level* packets
> to a domU, which can filter them at IP level and then send them back to dom0.
> In this scheme dom0 still receives the packets initially but doesn't do
> anything with them until they've been verified by the domU. Link-level
> attacks on dom0 could compromise the machine but a compromise of the domU
> will not (although your IP traffic is obviously untrusted then).

Maybe I've missed something obvious, but how would you do this?

Thanks!
Carl

- --
"There are 10 types of people in the world: Those who understand binary
and those that don't."

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
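One way to build the layout Mark describes, as an added example that is not part of the thread: dom0 puts the physical NIC on an address-less bridge shared with the firewall domU and takes its own IP from a second, internal bridge behind that domU. The bridge names, interface names and addresses are assumptions, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread. All names and addresses are assumptions:
#   EXT_IF  physical NIC on the untrusted side (dom0 keeps no IP on it)
#   br-ext  dom0 bridge that only relays frames between EXT_IF and the domU
#   br-int  dom0 bridge holding dom0's only IP address, behind the domU
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them as root.
DRY_RUN=${DRY_RUN:-1}
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# dom0: relay link-level frames to the firewall domU, take IP only from br-int.
dom0_plan() {  # args: EXT_IF DOM0_ADDR/PREFIX FIREWALL_INTERNAL_IP
    run ip link add name br-ext type bridge
    run ip link add name br-int type bridge
    run ip addr flush dev "$1"          # dom0 loses its direct connectivity here
    run ip link set "$1" master br-ext
    run sysctl -w net.ipv6.conf.br-ext.disable_ipv6=1   # no autoconfigured address
    run ip link set "$1" up
    run ip link set br-ext up
    run ip link set br-int up
    run ip addr add "$2" dev br-int
    run ip route replace default via "$3" dev br-int
}

# domU config line: first vif on the external bridge, second on the internal one.
domu_vif_line() { echo "vif = [ 'bridge=br-ext', 'bridge=br-int' ]"; }

# Inside the domU: eth0 faces br-ext (untrusted), eth1 faces br-int (dom0).
domu_plan() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    run iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
}

# "dom0 IF ADDR GW" or "domu" runs one side; anything else prints the plan
# with constructed sample values.
case "${1:-show}" in
    dom0) dom0_plan "$2" "$3" "$4" ;;
    domu) domu_plan ;;
    *)    DRY_RUN=1
          dom0_plan eth0 192.168.100.2/24 192.168.100.1
          domu_vif_line
          domu_plan ;;
esac
```

The property to verify after applying it is that dom0 holds no address on eth0 or br-ext, so every IP packet dom0 sees has already passed the domU's FORWARD chain.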