[Fedora-xen] Internal and external domains on one host
Mario Verbelen
mario at verbelen.org
Fri Jan 19 07:48:26 UTC 2007
On Fri, 2007-01-19 at 00:54 -0500, Kanwar Ranbir Sandhu wrote:
> On Wed, 2007-01-10 at 16:44 -0500, Kanwar Ranbir Sandhu wrote:
> > Would I be crazy to use one physical box to run a few internal Xen domU
> > (stuff for the LAN), and use the same host to run a few domU in a DMZ
> > (website, mail, etc.)? Besides the fact that a DoS attack on the DMZ
> > domU could slow the domU on the LAN side down to a crawl, is there
> > anything else that I should be concerned about?
> >
> > I have a small home office, and want to consolidate my three servers to
> > two. Besides saving some electricity, the box in the DMZ is old and
> > slow - the one I want to consolidate to is _much_ better. The better
> > server is already running Xen and a few domU, actually.
> >
> > Has anyone done this? A little part of me says it would be foolhardy,
> > but I can be convinced otherwise!
>
> Does anyone have an opinion on this? I'm still wondering if it's wise
> to use one Xen box for domUs in a DMZ and domUs in a trusted network.
>
> Thanks,
>
> Ranbir
>
My opinion on this:
Well, if you configure it well I don't see a problem (as far as I know
Xen).
Make sure they can't hack dom0: keep its IP internal and place only
domUs in the DMZ (best via another network card or via VLANs).
I don't think that bridging alone is safe enough when someone hacks a
domU.
Mario