> Could you elaborate on when it would be beneficial to have multiple tap
> devices rather than just the one?

With a dedicated tap device, you'll probably see slightly lower network
latencies because the packets have a shorter path to the UML. If these
things are going to be sitting on the public internet, that probably doesn't

> A coworker is trying to convince me that if all the various daemons
> (apache, sshd etc) are not listening to specific IPs, then they won't
> be able to filter the traffic that is explicitly for them. I take it
> that he's mistaken?

That sounds totally bogus. The servers on the host are probably listening
to 0.0.0.0 and you don't have any problems filtering them.