[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] suitability for extension encapsulation in firewall
|
From: |
Paul Brook |
|
Subject: |
Re: [Qemu-devel] suitability for extension encapsulation in firewall |
|
Date: |
Fri, 6 Jul 2007 15:27:47 +0100 |
|
User-agent: |
KMail/1.9.7 |
On Friday 06 July 2007, Eric S. Johansson wrote:
> I'm looking for a way to encapsulate applications on a firewall (IPCop).
> My line of reasoning is an encapsulated extension environment would help
> protect the integrity of the firewall and give users greater latitude in
> creating extension applications. What I would like to do is install qemu
> as a "virtual server" residing on the DMZ/Orange network with its interface
> fully controlled by the Orange network firewall rules. I've run qemu and
> am slightly familiar with the tun/tap setup but I don't know its
> relationship to IP tables. Does is sit outside the rules like the raw
> device or inside?
If you use usermode networking it's just like any other application running on
that machine.
If you use tap networking (recommended for this situation) it's just like any
other network interface.
Paul