On Fri, 2007-01-19 at 00:54 -0500, Kanwar Ranbir Sandhu wrote: > On Wed, 2007-01-10 at 16:44 -0500, Kanwar Ranbir Sandhu wrote: > > Would I be crazy to use one physical box to run a few internal Xen domU > > (stuff for the LAN), and use the same host to run a few domU in a DMZ > > (website, mail, etc.)? Besides the fact that a DoS attack on the DMZ > > domU could slow the domU on the LAN side down to a crawl, is there > > anything else that I should be concerned about? > > > > I have a small home office, and want to consolidate my three servers to > > two. Besides saving some electricity, the box in the DMZ is old and > > slow - the one I want to consolidate to is _much_ better. The better > > server is already running Xen and a few domU, actually. > > > > Has anyone done this? A little part of me says it would be fool hardy, > > but I can be convinced otherwise! > > Does anyone have an opinion on this? I'm still wondering if it's wise > to use one Xen box for domUs in a DMZ and domUs in a trusted network. > > Thanks, > > Ranbir > My opinion of this, Well If you configure it well I don't see a problem (as far as I known xen) Make shore the can't hack dom0 keep this ip internal and place only domU's in dmz (best via other network card or via vlan's) I don't think that bridging only is save enough when someone hacks a domU Mario, -- Fedora-xen mailing list Fedora-xen@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-xen
