[SOLVED] Virtualization and Routers for Online Security
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am about to jump into "virtualization" via VMware Server 1.0.1. I have read that each "virtualized" OS acts independently so if one goes it should not impact the others. My understanding is that a virtual guest OS, such as a virtual guest Win2k or virtual guest Linux, would still be vulnerable to the virus, etc that would impact a "real" Win2k or "real" linux.
This made a light bulb go on in my head, as well as a question mark. I believe every OS, real or virtual, should have firewall protection. I intend to have my host OS (Linux MEPIS) use VMware Server 1.0.1 to create 2 virtual guest OS (a. Win2k and b. 1 other Linux distro).
Thus, I would effectively have 3 OS in operation: My host (Linux MEPIS) and 2 virtual guest OS. Instead of messing with a firewall for each of the 3 OS, is it possible to simply buy a router to act as a firewall for all 3 OS, simultaneously?
If yes, then would the fact that one OS is "real" and two are "virtual" complicate router configuration or router effectiveness?
If no, then what are my options?
FYI: No wifi is involved, this is all "old fashion" wired broadband.
I believe every OS, real or virtual, should have firewall protection. (..) Instead of messing with a firewall for each of the 3 OS
Here you're contradicting yourself. Anyway. Think "defense in depth".
Avoid single points of failure, allow multiple points of access control.
One firewall (device) good, more firewalls better.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Firewalls are not only to protect "intenal" hosts from "external" attacks, but also to protect each internal host from the other. You still need firewalls on the virtual OSs to make sure the other hosts on the same network don't attack them. This drastically reduces the chances that one idiot user will cause your entire network to be infected.
So I should have a separate firewall for each OS? For example, one for my host OS (Linux MEPIS) and one for a virtual guest Win2k or XP and one for a virtual guest linux some-random-distro?
I was always under the impression that running more than one firewall was a bad idea, like running more than one anti-virus was a bad idea. For example, if you buy and install a 3rd party firewall for XP, it is usually a good idea to turn off the firewall that comes with XP.
Does my impression not apply here, or is there more to it?
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Quote:
Originally Posted by MBA Whore
So I should have a separate firewall for each OS? For example, one for my host OS (Linux MEPIS) and one for a virtual guest Win2k or XP and one for a virtual guest linux some-random-distro?
Yes, absolutely.
Quote:
I was always under the impression that running more than one firewall was a bad idea, like running more than one anti-virus was a bad idea. For example, if you buy and install a 3rd party firewall for XP, it is usually a good idea to turn off the firewall that comes with XP.
Does my impression not apply here, or is there more to it?
That's because running two programs that interact deeply with the kernel to do the same thing, at the same time, can have unpredictable results. That is inside a single OS, though. You're running 3 different OSs. Each one needs a firewall and they won't conflict with each other.
That's because running two programs that interact deeply with the kernel to do the same thing, at the same time, can have unpredictable results. That is inside a single OS, though. You're running 3 different OSs. Each one needs a firewall and they won't conflict with each other.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.