- <html>
- <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>Re: GSoC Port Forwarding</title>
- <link rel="important stylesheet" href="">
- <style>div.headerdisplayname {font-weight:bold;}
- </style></head>
- <body>
- <table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part1"><tr><td><div class="headerdisplayname" style="display:inline;">Subject: </div>Re: GSoC Port Forwarding</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">From: </div>Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com></td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Date: </div>05/08/2021, 23:31</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part2"><tr><td><div class="headerdisplayname" style="display:inline;">To: </div>Giulio <giulio@gmx.com></td></tr><tr><td><div class="headerdisplayname" style="display:inline;">CC: </div>Frédéric Pierret <frederic.pierret@qubes-os.org></td></tr></table><br>
- <div class="moz-text-plain" wrap=true graphical-quote=true style="font-family: -moz-fixed; font-size: 14px;" lang="x-unicode"><pre wrap class="moz-quote-pre">
- Sorry for the late response...
- On Sun, Aug 01, 2021 at 11:50:18PM +0200, Giulio wrote:
- </pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
- <span class="moz-txt-citetags">> </span>Hi,
- <span class="moz-txt-citetags">> </span>I am still working on the implementation of the rules in the
- <span class="moz-txt-citetags">> </span>core-agent-linux package. I have a couple of additional questions:
- <span class="moz-txt-citetags">> </span>
- <span class="moz-txt-citetags">> </span>1) Currently, I fail to understand the inner workings and the purpose of
- <span class="moz-txt-citetags">> </span>the 'connected_ips' part. Could you give me an overall idea of it or any
- <span class="moz-txt-citetags">> </span>useful additional details that you think may help me understand?
- </pre></blockquote><pre wrap class="moz-quote-pre">
- This is to inform which IPs belong to some VM, even one that is powered off.
- This way, the firewall can prevent someone from spoofing the IP of a VM that
- is not running (because it knows that IP cannot come from anywhere else).
- </pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
- <span class="moz-txt-citetags">> </span>2) Since, as we discussed in the previous emails, the last node needs an
- <span class="moz-txt-citetags">> </span>additional rule in order to forward the port from the external interface
- <span class="moz-txt-citetags">> </span>I am wondering how the correct interface is to be determined. I would
- <span class="moz-txt-citetags">> </span>automatically choose the device on which there is the route with the
- <span class="moz-txt-citetags">> </span>default gateway/destination. But, is it a good idea? Or would it be better
- <span class="moz-txt-citetags">> </span>to let the user choose?
- </pre></blockquote><pre wrap class="moz-quote-pre">
- This is a very good question. I think the most user-friendly thing to
- do is to include all the external interfaces (network manager will
- add several default gateways, just with different priorities). Maybe
- later it can be made configurable, but I wouldn't worry about it right
- now.
- <div class="moz-txt-sig">--
- Best Regards,
- Marek Marczykowski-Górecki
- Invisible Things Lab
- </div></pre></div></body>
- </html>
- </table></div>
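Added example, not part of the original e-mail or of core-agent-linux: one way to collect every interface that carries a default route, as the reply suggests, instead of picking a single one. It assumes the JSON shape printed by `ip -j route show default`; the sample data, the function name `external_interfaces` and the `vif` filter for downstream interfaces are assumptions made for illustration.

```python
import json

# Constructed sample of `ip -j route show default` output in a NetVM where
# NetworkManager installed several default gateways with different metrics.
SAMPLE_ROUTES = json.dumps([
    {"dst": "default", "gateway": "192.168.1.1", "dev": "ens6",
     "protocol": "dhcp", "metric": 100, "flags": []},
    {"dst": "default", "gateway": "10.20.0.1", "dev": "wls7",
     "protocol": "dhcp", "metric": 600, "flags": []},
    {"dst": "default", "gateway": "192.168.1.1", "dev": "ens6",
     "protocol": "static", "metric": 20100, "flags": []},
    # Defensive case: a downstream (VM-facing) interface must never be
    # treated as external, even if a default route points at it.
    {"dst": "default", "dev": "vif5.0", "metric": 32752, "flags": []},
])


def external_interfaces(routes_json, downstream_prefix="vif"):
    """Return every device that carries a default route, lowest metric first.

    routes_json: text in the format of `ip -j route show default`.
    downstream_prefix: name prefix of VM-facing interfaces to skip
    (assumption: Qubes names them vifX.Y).
    """
    best_metric = {}
    for route in json.loads(routes_json):
        if route.get("dst") != "default":
            continue  # only default routes mark an uplink
        dev = route.get("dev")
        if not dev or dev.startswith(downstream_prefix):
            continue
        metric = route.get("metric", 0)  # the kernel omits metric when it is 0
        if dev not in best_metric or metric < best_metric[dev]:
            best_metric[dev] = metric
    # Deduplicated, ordered by priority so the preferred uplink comes first.
    return sorted(best_metric, key=lambda d: (best_metric[d], d))


if __name__ == "__main__":
    # On a live system, feed the output of `ip -j route show default` instead.
    print(external_interfaces(SAMPLE_ROUTES))
```

Each returned interface would get its own forwarding rule, so the forward keeps working when NetworkManager switches between uplinks.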