Subject: [Xen-devel] NFS and interface security
From: stev...@TerraLuna.Org (stev@TerraLuna.Org)
Date: 01/17/2004 08:04:19 AM
List: com.xensource.lists.xen-devel

Two Xen features I like very much:

- Virtual domains can't see each other's traffic via 'tcpdump', which means that, for instance, guests using NFS root partitions are relatively isolated from each other on the wire.

- In a virtual domain, I can't simply 'ifconfig eth0:1 ip.on.my.lan' and expect it to route; i.e. virtual domains can't steal IP addresses.

Kudos to whoever made this work right. Am I correct in my interpretations here? I.e. is this as secure as it looks?

There's a note in TODO that says "The current virtual firewall/router is completely broken." Is this still valid?

Steve