On Wed, Mar 22, 2006 at 10:51:34AM -0800, David Lang wrote:
> >if your goal is for the uml to see *every* packet, bridging doesn't do
> >what you want. linux bridging acts as a switch, and it won't forward
> >packets through to the uml if it knows that the dst mac is on the
> >physical (ethN) side of the bridge.
> >
> >otoh, if you just want the uml to see the traffic associated with its
> >mac, bridging should work fine.
>
> the idea is that I'm picking up a physical box and replacing it with a uml
> instance. I would like for the host of these uml's to be as minimal as
> possible to reduce any vulnerabilities that are introduced by connecting
> this host across different security environments.

Well, think of it like this. The network as seen by the uml guest bridged
to the host's ethX as we've been discussing is indistinguishable from the
case where the guest is running on physical hardware and connected to the
same network by a 2-port switch.

This is true even to the extent that if the host has many interfaces, and
only one of them has an IP (for management) while the rest bridge to uml
tap devices, then packets sent from a uml guest to the host's IP will be
received on the host's tap0, forwarded through the host's bridge onto the
lan, and received _again_ on the host's management interface before being
"seen" by the IP stack on the host. (the same is not always true if an IP
is assigned to the bridge on the host).

so modulo speed or load issues, a uml set up this way should work for you.

Jason
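
The separation described in the reply above holds only while the bridge and its ports carry no host IP address. A check for that, as an added example that is not part of the original message: it parses `ip -o addr show` output, and the interface names (`br1`, `eth1`, `tap0`) and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag host addresses on interfaces meant to be pure layer 2
# (the bridge, its physical port, and the uml tap device).

# Constructed sample of `ip -o addr show` output (documentation address
# ranges). eth0 is the management interface; br1 has wrongly been given an IP.
sample_addrs() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
6: br1    inet 198.51.100.1/24 brd 198.51.100.255 scope global br1\       valid_lft forever preferred_lft forever
6: br1    inet6 fe80::200:ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# audit_l2_only "<space-separated interfaces>"
# Reads `ip -o addr show` text on stdin and prints "iface family address"
# for every IPv4 or IPv6 address found on a listed interface. IPv6
# link-local addresses are reported too, since they also make the host's
# IP stack reachable from the bridged segment.
# Exit status: 0 if the listed interfaces are address-free, 1 otherwise.
audit_l2_only() {
    awk -v want="$1" '
        BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) l2[a[i]] = 1 }
        ($2 in l2) && ($3 == "inet" || $3 == "inet6") {
            print $2, $3, $4
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Live use on the uml host (names are assumptions, adjust to the setup):
#   ip -o addr show | audit_l2_only "br1 eth1 tap0" || echo "bridge side has an IP"
```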