[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Mar 2004 ]

Re: [edlug] DMZ and UML





> I add another NIC and bind that to the UML kernel exclusively?

Yes. E.g use the tuntap=eth<X> but don't set up the eth<X> in the host kernel.

It's always a good idea to have services that the outside world can connect to in a DMZ. If you didn't and they broke out of a UMl session you'd be in trouble.


Yours Faye

This time she's the lesser of two evils.

http://www.morpheux.org





Magnus Hagdorn wrote:
Hi all,
I was wondering if there is any point in having a DMZ (as in
de-militarised zone) on a UML (user mode linux). Well, I've got a server
running which is connected to the internet all the time. The server is
obviously firewalled. Inevitably, I ended up opening more and more ports
on the firewall to allow external service access. I guess I could run a
UML machine on the server for all the external stuff. The question is,
is there a point in doing so (security-wise)? The other question is, can
I add another NIC and bind that to the UML kernel exclusively?
Cheers
magi

-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html

-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME
homepage