I need to know something... It's about UML security.
If I run a firewall on the host (like portsentry or snort), will my UMLs be secure, or do I have to run firewalls inside each one?
I'm confused about this because UMLs use the same physical network
card as the host, so I want to be sure about this...
From: roland <for_spam@gm...> - 2004-05-02 13:53:04
first off, please don't muddle up an intrusion detection system (which is what portsentry and snort are) with a firewall.
that is something completely different - though they probably can be used in conjunction with a firewall (snort-inline).
a firewall is something like iptables on linux, ipfilter/sunscreen on solaris or kerio/zonealarm (or whatever) on windoze.
the security of your UMLs mainly depends on the network setup you are running them in. if their ip is visible from the internet and
the packet-filter on your host doesn't have the appropriate filtering rules, they are as insecure as any other machine - especially
when you use bridging.
firewall rules apply to the ip interface, not the physical network interface (which is not completely true, since there is
"ebtables", which can filter ip packets on the ethernet layer).
----- Original Message -----
To: "UML" <user-mode-linux-user@...>
Sent: Sunday, May 02, 2004 7:37 AM
Subject: [uml-user] UML security from host ?
From: James Walden <jwalden@ee...> - 2004-05-03 14:19:03
> If I run an firewall in host (like portsentry or snort)
Those are intrusion detection systems. Perhaps you mean iptables?
> my UMLs will be secure, or I have to run firewalls inside each one?
If you're using a virtual bridge, you can use iptables to filter
incoming and outgoing packets on the virtual bridge device to protect
all of your UML virtual machines. If you did mean intrusion detection
systems, you can have snort or some other packet sniffer watch all of
your UMLs by having it grab all of the packets from the virtual bridge.
If you're using Linux kernel 2.6, iptables will let you filter based on
the individual ports on the bridge, so you could have different filter
rules for your mail server connected to bridge port uml0 and for your web
server connected to bridge port uml1. This solution is especially
useful if you don't have static IP addresses. You'll need ebtables to
do the same type of filtering on kernel 2.4.
James Walden, Ph.D.
Visiting Assistant Professor of EECS
The University of Toledo @ LCCC
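The per-bridge-port filtering James describes (iptables with the physdev match on a 2.6 kernel, one policy for the mail UML on bridge port uml0 and another for the web UML on uml1) and roland's point that the host packet filter, not the IDS, is what protects the guests, as an added shell example. This is not code from the thread or from the UML project. It assumes a bridge named br0 with uplink eth0 and UML tap ports uml0 and uml1; those names, the services (SMTP on uml0, HTTP on uml1) and the default-deny policy are illustrative choices. Bridged frames only traverse the iptables FORWARD chain when bridge netfilter is enabled (`net.bridge.bridge-nf-call-iptables=1`; on current kernels the br_netfilter module must be loaded first).

```shell
#!/bin/sh
# Added example, not part of the original thread. Bridge port names (uml0, uml1),
# uplink (eth0) and the allowed services are assumptions for illustration.
# Set IPT=echo to print the rules instead of loading them; loading needs root.
IPT="${IPT:-iptables}"
UPLINK="${UPLINK:-eth0}"

# allow_to_port BRIDGE_PORT PROTO DPORT
# Emit one rule admitting NEW connections arriving on the uplink and leaving the
# bridge through a specific UML port. Matching on the bridge port rather than the
# guest IP means the rule keeps working when the UML's address changes.
allow_to_port() {
    port="$1"; proto="$2"; dport="$3"
    $IPT -A FORWARD -m physdev --physdev-in "$UPLINK" --physdev-out "$port" \
         -p "$proto" --dport "$dport" -m state --state NEW -j ACCEPT
}

# isolate_ports PORT_A PORT_B
# Drop bridged traffic between two UML ports so a compromised guest cannot
# reach its neighbour directly across the bridge.
isolate_ports() {
    a="$1"; b="$2"
    $IPT -A FORWARD -m physdev --physdev-in "$a" --physdev-out "$b" -j DROP
    $IPT -A FORWARD -m physdev --physdev-in "$b" --physdev-out "$a" -j DROP
}

# apply_policy
# Default-deny on the FORWARD chain, conntrack admits replies, then one
# service per bridge port: SMTP to the mail UML on uml0, HTTP to the web UML on uml1.
apply_policy() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    allow_to_port uml0 tcp 25
    allow_to_port uml1 tcp 80
    isolate_ports uml0 uml1
}

# Only load the rules when explicitly asked: `sh bridge-filter.sh apply`.
# Before that, enable bridge netfilter: sysctl -w net.bridge.bridge-nf-call-iptables=1
case "${1-}" in
    apply) apply_policy ;;
esac
```

Run with `IPT=echo sh bridge-filter.sh apply` first to review the six rules it would load. The physdev match and bridge netfilter are what make the host's iptables see bridged traffic at all; without them, frames switched by the bridge bypass the IP-layer chains, which is the case roland warns about when he says bridged guests are "as insecure as any other machine" unless the host filter has rules for them. On a 2.4 kernel the same per-port policy has to be expressed with ebtables instead.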