On Friday 06 July 2007, Eric S. Johansson wrote: > I'm looking for a way to encapsulate applications on a firewall (IPCop). > My line of reasoning is an encapsulated extension environment would help > protect the integrity of the firewall and give users greater latitude in > creating extension applications. What I would like to do is install qemu > as a "virtual server" residing on the DMZ/Orange network with its interface > fully controlled by the Orange network firewall rules. I've run qemu and > am slightly familiar with the tun/tap setup but I don't know its > relationship to IP tables. Does is sit outside the rules like the raw > device or inside?
If you use usermode networking it's just like any other application running on that machine. If you use tap networking (recommended for this situation) it's just like any other network interface. Paul
