how about user-mode-linux, isn't it better for this perpose (i.e. as a sandbox) ?On 8/29/06, Muli Ben-Yehuda <[EMAIL PROTECTED]
> wrote:On Tue, Aug 29, 2006 at 08:37:13PM +0300, Gil Freund wrote:> >Yes, but that makes the domU trusted (an attacker with root access ot
> >the domU can easily take dow
On Tue, Aug 29, 2006 at 08:37:13PM +0300, Gil Freund wrote:
> >Yes, but that makes the domU trusted (an attacker with root access ot
> >the domU can easily take down the entire machine - unless you have an
> >isolation capable IOMMU)
>
> Can you elaborate a little more? Does this mean that if the
On 8/29/06, Muli Ben-Yehuda <[EMAIL PROTECTED]> wrote:
On Mon, Aug 28, 2006 at 11:21:36PM +0300, Gil Freund wrote:
> I was asked about putting a firewall in Virtual Server environment.
> As far as I can tell, XEN will allow me to assign a NIC as a PCI
> desvice to a DomU.
Yes, but that makes th
On 8/29/06, Oleg Goldshmidt <[EMAIL PROTECTED]> wrote:
"Gil Freund" <[EMAIL PROTECTED]> writes:
> I was asked about putting a firewall in Virtual Server environment.
You may be interested in this VMware appliance[1,2]
This means it's doable. My concern is "Is it wise to do it?".
http://www
"Gil Freund" <[EMAIL PROTECTED]> writes:
> I was asked about putting a firewall in Virtual Server environment.
You may be interested in this VMware appliance[1,2]
http://www.vmware.com/vmtn/appliances/directory/245
- a winning entry (3rd prize) to the VMware Ultimate Virtual Appliance
Challenge
On Tue, Aug 29, 2006 at 11:36:27AM +0300, Shachar Shemesh wrote:
> Solution: RTFM ethtool for the command line option to disable hardware
> offloading of checksum calculation.
ethtool -K ethN tx off
> Muli,
> This seems to me like a conceptual bug in the way Xen determines which
> is the true de
Muli Ben-Yehuda wrote:
> On Tue, Aug 29, 2006 at 12:17:53AM +0300, Shachar Shemesh wrote:
>
>
>> If you do set it up like that (and I did), please be sure to turn off
>> hardware checksum generation for TCP/IP, or you'll have trouble
>> connecting from the Xen machines that are behind the firew
Muli Ben-Yehuda wrote:
> On Tue, Aug 29, 2006 at 12:17:53AM +0300, Shachar Shemesh wrote:
>
>
>> If you do set it up like that (and I did), please be sure to turn off
>> hardware checksum generation for TCP/IP, or you'll have trouble
>> connecting from the Xen machines that are behind the firew
On Tue, Aug 29, 2006 at 12:17:53AM +0300, Shachar Shemesh wrote:
> If you do set it up like that (and I did), please be sure to turn off
> hardware checksum generation for TCP/IP, or you'll have trouble
> connecting from the Xen machines that are behind the firewall to the
> internet
There were s
On Mon, Aug 28, 2006 at 11:21:36PM +0300, Gil Freund wrote:
> I was asked about putting a firewall in Virtual Server environment.
> As far as I can tell, XEN will allow me to assign a NIC as a PCI
> desvice to a DomU.
Yes, but that makes the domU trusted (an attacker with root access ot
the domU
Gil Freund wrote:
> Hi,
>
> I was asked about putting a firewall in Virtual Server environment.
> As far as I can tell, XEN will allow me to assign a NIC as a PCI
> desvice to a DomU. VMware will only allow the usage of the NIC as
> bridge (albeit, without an IP address).
Huh?
If you do set it up
Hi,
I was asked about putting a firewall in Virtual Server environment.
As far as I can tell, XEN will allow me to assign a NIC as a PCI
desvice to a DomU. VMware will only allow the usage of the NIC as
bridge (albeit, without an IP address).
My worries:
1. Will a DoS on the firewall "leak" to
12 matches
Mail list logo
