Gil Freund wrote:
> Hi,
>
> I was asked about putting a firewall in Virtual Server environment.
> As far as I can tell, XEN will allow me to assign a NIC as a PCI
> device to a DomU. VMware will only allow the usage of the NIC as
> bridge (albeit, without an IP address).

Huh?

If you do set it up like that (and I did), please be sure to turn off hardware checksum generation for TCP/IP, or you'll have trouble connecting from the Xen machines that are behind the firewall to the internet.

> My worries:
>
> 1. Will a DoS on the firewall "leak" to the Host/Dom0 environment?

If you set up a QoS, it shouldn't.

> 2. Are any of the environments susceptible to attack from a Guest/DomU
> towards the Host/Dom0, assuming the firewall or DMZ have been
> breached?

It shouldn't. However, it is always possible that some security bug in Xen will leave a hole open. The same, of course, is true of VMware.

>
> Gil

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
