[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] suitability for extension encapsulation in firewall

From: Paul Brook
Subject: Re: [Qemu-devel] suitability for extension encapsulation in firewall
Date: Fri, 6 Jul 2007 15:27:47 +0100
User-agent: KMail/1.9.7

On Friday 06 July 2007, Eric S. Johansson wrote:
> I'm looking for a way to encapsulate applications on a firewall (IPCop). 
> My line of reasoning is an encapsulated extension environment would help
> protect the integrity of the firewall and give users greater latitude in
> creating extension applications.  What I would like to do is install qemu
> as a "virtual server" residing on the DMZ/Orange network with its interface
> fully controlled by the Orange network firewall rules.  I've run qemu and
> am slightly familiar with the tun/tap setup but I don't know its
> relationship to IP tables.  Does is sit outside the rules like the raw
> device or inside?

If you use usermode networking it's just like any other application running on 
that machine.

If you use tap networking (recommended for this situation) it's just like any 
other network interface.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]