On Wednesday 22 March 2006 19:28, David Lang wrote:
> On Wed, 22 Mar 2006, Blaisorblade wrote:
> > On Wednesday 22 March 2006 18:58, David Lang wrote:
> >> Ok, not that I have interfaces showing up inside uml (2.6.15.6 didn't
> >> work, but 2.6.16 does) I have another question.
> >> is it possible to dedicate physical network interfaces to particular uml
> >> interfaces?
> > I'm not sure, but I think you're asking the wrong question. If your
> > purpose is security, the best answer is iptables, filtering based on -i
> > (ingress interface).
> we're evaluating different options for these virtual machines. for the
> vmware option there is a claim that the host doesn't need to have an IP
> address on a particular nic to allow a virtual machine to access things on
> that nic. if the host doesn't try to process the packet, but instead just
> hands it to the uml then odds are that any network based kernel
> vulnerabilities will happen in the uml as opposed to the host system
> Ok, I'll give it a try
> hmm, do the host eth0 and tap0 need to have an IP address? or could I get
> away with just the one IP address defined in the uml?

In the page I pointed you to there's an explanation about bridging, and on my
homepage there's a "links" section with various other articles. Between the
various stuff, you'll see that eth0 and tap0 are given no IP but only br0 is;
I'm not sure if this can be skipped too.

> > The bad side is that each UML sees every packet the host sees.
> this isn't a problem, the host will not be doing anything at all on those
> networks except providing access for the uml to access it (the host will
> have another interface that it uses for administrative access)

-- 
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
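
The layout described in the reply above (no address on the physical NIC or the tap device, both joined to a bridge), written out with iproute2 as an added example; it is not from the original thread. The names eth1, tap0, br0 and the user uml are assumptions, as are leaving br0 unaddressed for a host that does nothing on that network and the `-i br0` filter rules.

```shell
#!/bin/sh
# Added example, not from the thread: host-side bridge for one UML guest.
# Assumed names: eth1 (NIC dedicated to the guest), tap0, br0, user "uml".
# Prints the plan by default; set APPLY=1 and run as root to execute it.

# Emit the commands, one per line, for the given NIC, tap, bridge and user.
uml_bridge_plan() {
    nic=$1; tap=$2; br=$3; user=$4
    # Bridge plus a tap device owned by the unprivileged UML user.
    echo "ip link add name $br type bridge"
    echo "ip tuntap add dev $tap mode tap user $user"
    # The NIC carries no address of its own.
    echo "ip addr flush dev $nic"
    # Keep the host from autoconfiguring an IPv6 link-local address on the
    # bridge; frames for the guest are still forwarded at layer 2.
    echo "sysctl -w net.ipv6.conf.$br.disable_ipv6=1"
    echo "ip link set dev $nic master $br"
    echo "ip link set dev $tap master $br"
    echo "ip link set dev $nic up"
    echo "ip link set dev $tap up"
    echo "ip link set dev $br up"
    # Filter on the ingress interface: drop whatever arrives from the guest
    # network for local delivery to the host (broadcast and multicast
    # included). Bridged frames for the guest do not pass through INPUT.
    echo "iptables -I INPUT -i $br -j DROP"
    echo "ip6tables -I INPUT -i $br -j DROP"
}

# Run the plan line by line, stopping at the first failing command.
uml_bridge_apply() {
    uml_bridge_plan "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1   # unquoted on purpose: split into command and args
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    uml_bridge_apply eth1 tap0 br0 uml
else
    uml_bridge_plan eth1 tap0 br0 uml
fi
```

The guest is then started with its eth0 attached to the pre-created tap device and carries the only IP address on that network.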