Andrew Suffield wrote:
> On Wed, Aug 01, 2007 at 06:46:30PM -0400, Roberto C. Sánchez wrote:
>> On Wed, Aug 01, 2007 at 11:50:17AM +0100, Simon Hobson wrote:
>>> I've now had chance to experiment with both bridges and routed setups
>>> (copying Toms example on the web site) for Xen, here are a few
>>> observations :
>>>
>>> Bridged:
>>>
>>> Default setup, easy to get the network going.
>>> Shorewall works but has some limitations in a bridged environment,
>>> but in dom-u's works just like a real single interface machine.
>>>
>> What I really like about bridged is that (from a networking perspective)
>> each domU is indistinguishable from a physical host on the same network
>> as the dom0. Depending on your needs, that may be good or bad.
>> However, I tend to think of it as a very good thing.
>
> It basically reduces to the question of:
>
> Is your purpose in using Xen just to segregate some virtual hosts as
> an alternative to buying several boxes, or to create hosts with more
> restricted capabilities than a normal one?
>
I agree. And if you need more restricted capabilities than a normal one
then you should consider running a firewall in front of the Xen host or
you should consider switching to a configuration other than one where
you run Shorewall in your bridged Dom0.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
