Fábio Rabelo wrote: > Hi for all .. > > Just now I am implementing a similar setup, but with diferent aproach . > > My host system is bridged, but with no valid IP, just a class C to be > managed within internal network . > > Then all my guests have theyer own public IP AND a Class C IP, and all > run theyer own shorewall, with especific configuration . > > I beleave this is more secure, what do you thing Mr. Eastep ?
Either way can be made secure. A single Shorewall configuration is less work to set up. Again, I like a routed configuration -- the only time that a routed configuration doesn't work is if the guests have dynamic IP addresses and the ISP tracks MAC addresses. In that case, I don't believe it is possible to successfully run a dhcp relay on the firewall. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
