Christ Schlacta wrote:
>So, I'm looking to set up a virtual router on my vlan enabled network. 
>I've got the modem on vlan 5, the LAN on vlan 10, and a guest vlan on
>vlan 20.  I'm sufficiently certain that, barring the addition of the
>necessary shorewall rules to accommodate a virtual router, my vm host is
>sufficiently secure for hosting the border router as a virtual machine.

Done something similar myself.
Obviously there is no guarantee that someone won't find a hole (bug) 
somewhere and exploit it. But then that also applies to dedicated 
hardware routers as well.

Other than that, it's a case of making sure that your policies and 
rules adequately lock down the network (particularly guest). I did 
set one up with 32 "client" VLANs for a business centre. The list of 
rules and policies grew quite quickly as I wanted to hide the other 
guests completely - so you have to block access from client networks 
to the router addresses on other networks, while still allowing 
access to the client's own interface. E.g., a client on VLAN 20 needs to be 
able to connect to the router port on VLAN 20 for ping, DNS, DHCP, 
and so on, but shouldn't be able to see that there's anything on 
VLANs 21, 22, and so on. It's not hard: make the policy drop and 
allow the access you want; it just makes for a long and repetitive 
rule list.

-- 
Simon Hobson

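The "long and repetitive rule list" Simon describes can be generated rather than typed. The script below is an added example, not from the thread or the Shorewall project: it emits per-VLAN zones, interfaces, policy and rules entries for a range of isolated client VLANs, with a default DROP policy and each client zone allowed to reach only the router address on its own VLAN. It assumes a trunk interface eth0, VLAN N on 192.168.N.0/24 with the router at 192.168.N.1, an existing "net" zone, and the zone:address form in the DEST column; all of these are constructed assumptions.

```shell
#!/bin/sh
# Generate Shorewall config fragments for a block of isolated client VLANs.
# Constructed assumptions (not from the thread): trunk eth0, VLAN N uses
# 192.168.N.0/24 with the router at 192.168.N.1, one zone "vN" per VLAN.
TRUNK=eth0
ADDR_BASE=192.168

# /etc/shorewall/zones: one zone per client VLAN
gen_zones() {
    i=$1
    while [ "$i" -le "$2" ]; do
        printf 'v%s\tipv4\n' "$i"
        i=$((i + 1))
    done
}

# /etc/shorewall/interfaces: zone -> 802.1Q sub-interface.
# The dhcp option lets the router's DHCP server answer on that interface.
gen_interfaces() {
    i=$1
    while [ "$i" -le "$2" ]; do
        printf 'v%s\t%s.%s\tdhcp\n' "$i" "$TRUNK" "$i"
        i=$((i + 1))
    done
}

# /etc/shorewall/policy: clients reach the Internet zone "net" (assumed to
# exist); everything else, including other clients, is dropped and logged.
gen_policy() {
    printf '$FW\tall\tACCEPT\n'
    i=$1
    while [ "$i" -le "$2" ]; do
        printf 'v%s\tnet\tACCEPT\n' "$i"
        i=$((i + 1))
    done
    printf 'all\tall\tDROP\tinfo\n'
}

# /etc/shorewall/rules: each zone may ping and query DNS only on the router
# address of its OWN VLAN, so the router's other VLAN addresses stay hidden.
gen_rules() {
    i=$1
    while [ "$i" -le "$2" ]; do
        printf 'Ping(ACCEPT)\tv%s\t$FW:%s.%s.1\n' "$i" "$ADDR_BASE" "$i"
        printf 'DNS(ACCEPT)\tv%s\t$FW:%s.%s.1\n' "$i" "$ADDR_BASE" "$i"
        i=$((i + 1))
    done
}

# Usage: sh gen-shorewall.sh 20 51  (prints all four fragments)
if [ $# -eq 2 ]; then
    for f in zones interfaces policy rules; do echo "# $f"; "gen_$f" "$1" "$2"; done
fi
```

Paste each fragment into the matching file, keep the DHCP range and router address consistent with the per-VLAN subnet, and check the result with `shorewall check` before `shorewall restart`.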

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users