[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] DomU firewalling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everyone! I am testing an environment with N debian-based DomU's where each of them could be managed by diferent sysadmins. So I decided to deploy two additional DomU's for firewalling and provide proxy-based services for the rest of DomU's. The main reason is to provide granular access control (perimeter protection and limit interference between DomU's) withouth using Dom0. The IP address space is a /24 so the firewall (iptables) should work as a bridge. The proxy-DomU will be located on a DMZ-leg of the firewall-DomU. I have seen that each DomU is limited to 3 interfaces. My question is: Is there any way to overcome this limitation or at least to deal individually (point-to-point) with each DomU from the firewall-DomU point of view? I would really appreaciate any comments and experiences regarding this kind of approach or similare ones. Thanks a lot in advance, keep up with the good work! :) ...................................................................... __ / / Carles Fragoso i Mariscal C E / S / C A Tècnic de seguretat /_/ Centre de Supercomputació de Catalunya Gran Capità, 2-4 (Edifici Nexus) - 08034 Barcelona T. 93 205 6464 - F. 93 205 6979 - cfragoso@xxxxxxxx ...................................................................... pgp:0x0E4EDE07 - 335C CB9F 84E8 85E9 A62B EF3A 102F 01FF 0E4E DE07 ripe: AS13041 - CFM1-RIPE / iNOC-dba: 13041*CFM ...................................................................... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEOmx5EC8B/w5O3gcRAmsCAJ4986cbaflBZOHUDa2gbpIF83iV0gCgqcb4 jf1qxbTnL/KZ4xpgvwnKbqo= =Nh5H -----END PGP SIGNATURE----- _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |