I suppose a more secure method would be to run the host machine as the
firewall, with other server functions such as the web and email serving
run under plex86. But, as far as I can surmise, plex86 has some way to go
before this would be stable. I read something vaguely about using UML (User
Mode Linux) for this sort of setup - does anyone on this list know anything
about that?
>Psyon wrote:
>>
>> > I think this would be a very bad idea. The main reasons for making the
>> > firewall a separate machine are:
>> >
>> > 1) Security. The firewall should absolutely not be compromisable. The
>> > whole point of a firewall is to protect your vulnerable machines behind
>> > it. If the firewall runs in a VM of any kind, then the host machine is
>> > also on the Internet, and unprotected. Compromise of this machine would
>> > allow the firewall to be bypassed completely (killall plex86).
>> >
>>
>> This is not entirely true. [snip]
>
>I think the point is, if you have a machine with unknown levels of
>security, (the host machine), how can you make it more secure by adding
>more software?
>You really need to start closing off ports etc. rather than adding a new
>layer of masquerading.
>
>Or, maybe you could stick a sign on the host machine saying "This is
>now a firewall, no hackers pls"
>
>:-P
>
>-Cam
>--
>=========================
>= Camilo Mesias =
>= ([EMAIL PROTECTED]) =
>=========================
>
>