Jonathan Tripathy wrote:
>
>> I am not a Xen expert, but AFAICT, you can configure iptables in the VM
>> and in the host.
>>
>> note that I am not saying you should do that. it really depends on your
>> setup. if you can script the work to implement "centralized" admin, then
>> it may be worth the pain.
>>
> Yeah, I'm used to scripting iptables upon VM boot and shutdown for
> customers, so setting this up for iptables should be ok. Xen makes life
> so much easier by giving each VM an interface, so you can filter based
> on that.
>>
>>> So you think given this, that placing the mail server in the DMZ is ok
>>> then?
>>>
>>>
>> sure it is. as already recommended, you can use VLAN to implement
>> logical segmentation inside a zone (provided your VLAN implementation
>> can't be circumvented. remember, this is only logical...).
>>
> Think it would be ok if I didn't use VLAN segmentation, but just used
> iptables between hosts? I think this would nearly achieve the same thing...

these are different things. VLAN is about ethernet. iptables/pf is about IP.

anyway, I think we've been OT here for some posts now, so let's not annoy other members. feel free to contact me off-list if needed/appropriate.