20210805-Re_GSoC Port Forwarding-14252.html 3.4 KB
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Re: GSoC Port Forwarding</title>
<link rel="important stylesheet" href="">
<style>div.headerdisplayname {font-weight:bold;}
</style></head>
<body>
<table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part1"><tr><td><div class="headerdisplayname" style="display:inline;">Subject: </div>Re: GSoC Port Forwarding</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">From: </div>Marek Marczykowski-Górecki &lt;marmarek@invisiblethingslab.com&gt;</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Date: </div>05/08/2021, 23:31</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part2"><tr><td><div class="headerdisplayname" style="display:inline;">To: </div>Giulio &lt;giulio@gmx.com&gt;</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">CC: </div>Frédéric Pierret &lt;frederic.pierret@qubes-os.org&gt;</td></tr></table><br>
<div class="moz-text-plain" wrap=true graphical-quote=true style="font-family: -moz-fixed; font-size: 14px;" lang="x-unicode"><pre wrap class="moz-quote-pre">
Sorry for the late response...
On Sun, Aug 01, 2021 at 11:50:18PM +0200, Giulio wrote:
</pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
<span class="moz-txt-citetags">&gt; </span>Hi,
<span class="moz-txt-citetags">&gt; </span>I am still working on the implementation of the rules in the
<span class="moz-txt-citetags">&gt; </span>core-agent-linux package. I have a couple of additional questions:
<span class="moz-txt-citetags">&gt; </span>
<span class="moz-txt-citetags">&gt; </span>1) Currently, I fail to understand the inner workings and the purpose of
<span class="moz-txt-citetags">&gt; </span>the 'connected_ips' part. Could you give me an overall idea of it or any
<span class="moz-txt-citetags">&gt; </span>useful additional details that you think may help me understand?
</pre></blockquote><pre wrap class="moz-quote-pre">
This is to inform what IPs belong to some VM, even a powered-off one. This
way, the firewall can prevent someone from spoofing the IP of a non-running VM
(because it knows that IP cannot come from anywhere else).
</pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
<span class="moz-txt-citetags">&gt; </span>2) Since, as we talked in the previous emails, the last node needs an
<span class="moz-txt-citetags">&gt; </span>additional rule in order to forward the port from the external interface
<span class="moz-txt-citetags">&gt; </span>I am wondering how the correct interface is to be determined. I would
<span class="moz-txt-citetags">&gt; </span>automatically choose the device on which there is the route with the
<span class="moz-txt-citetags">&gt; </span>default gateway/destination. But, is it a good idea? Or would it be better
<span class="moz-txt-citetags">&gt; </span>to let the user choose?
</pre></blockquote><pre wrap class="moz-quote-pre">
This is a very good question. I think the most user-friendly thing to
do is to include all the external interfaces (network manager will
add several default gateways, just with different priorities). Maybe
later it can be made configurable, but I wouldn't worry about it right
now.
<div class="moz-txt-sig">--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
</div></pre></div></body>
</html>
</table></div>