<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Re: GSoC Port Forwarding</title>
<link rel="important stylesheet" href="">
<style>div.headerdisplayname {font-weight:bold;}
</style></head>
<body>
<table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part1"><tr><td><div class="headerdisplayname" style="display:inline;">Subject: </div>Re: GSoC Port Forwarding</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">From: </div>Marek Marczykowski-Górecki &lt;marmarek@invisiblethingslab.com&gt;</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Date: </div>05/08/2021, 23:31</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part2"><tr><td><div class="headerdisplayname" style="display:inline;">To: </div>Giulio &lt;giulio@gmx.com&gt;</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">CC: </div>Frédéric Pierret &lt;frederic.pierret@qubes-os.org&gt;</td></tr></table><br>
<div class="moz-text-plain" wrap=true graphical-quote=true style="font-family: -moz-fixed; font-size: 14px;" lang="x-unicode"><pre wrap class="moz-quote-pre">
Sorry for the late response...

On Sun, Aug 01, 2021 at 11:50:18PM +0200, Giulio wrote:
</pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
<span class="moz-txt-citetags">> </span>Hi,
<span class="moz-txt-citetags">> </span>I am still working on the implementation of the rules in the
<span class="moz-txt-citetags">> </span>core-agent-linux package. I have a couple of additional questions:
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>1) Currently, I fail to understand the purpose and the inner workings of
<span class="moz-txt-citetags">> </span>the 'connected_ips' part. Could you give me an overall idea of it or any
<span class="moz-txt-citetags">> </span>useful additional details that you think may help me understand?
</pre></blockquote><pre wrap class="moz-quote-pre">

This is to inform what IPs belong to some VM, even a powered-off one. This
way, the firewall can prevent someone from spoofing the IP of a VM that is
not running (because it knows that IP cannot come from anywhere else).

</pre><blockquote type=cite style="color: #007cff;"><pre wrap class="moz-quote-pre">
<span class="moz-txt-citetags">> </span>2) Since, as we discussed in the previous emails, the last node needs an
<span class="moz-txt-citetags">> </span>additional rule in order to forward the port from the external interface,
<span class="moz-txt-citetags">> </span>I am wondering how the correct interface is to be determined. I would
<span class="moz-txt-citetags">> </span>automatically choose the device on which there is the route with the
<span class="moz-txt-citetags">> </span>default gateway/destination. But is it a good idea? Or would it be better
<span class="moz-txt-citetags">> </span>to let the user choose?
</pre></blockquote><pre wrap class="moz-quote-pre">

This is a very good question. I think the most user-friendly thing to
do is to include all the external interfaces (network manager will
add several default gateways, just with different priorities). Maybe
later it can be made configurable, but I wouldn't worry about it right
now.

<div class="moz-txt-sig">-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
</div></pre></div></body>
</html>
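The anti-spoofing role of 'connected_ips' described in the reply above, as an added sketch that is not part of the original e-mail and is not the Qubes core-agent-linux code. The function name, the nftables rule layout and the sample addresses are assumptions; the sketch also goes one step beyond the e-mail by pinning a running VM's address to its own interface.

```python
import ipaddress
import re

# Conservative interface-name pattern so nothing unexpected is interpolated into a rule.
_IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def antispoof_rules(connected_ips, attached):
    """Build nftables rule bodies (for a chain in an inet table) that drop
    packets whose source address is owned by a downstream VM but arrives
    from somewhere other than that VM's interface.

    connected_ips: every address assigned to a downstream VM, running or not
    attached:      {interface name: address} for VMs that are running now
    (Hypothetical helper; both parameter shapes are assumptions.)
    """
    owner = {}
    for iface, ip in attached.items():
        if not _IFACE_RE.fullmatch(iface):
            raise ValueError(f"bad interface name: {iface!r}")
        owner[ipaddress.ip_address(ip)] = iface

    # ip_address() raises ValueError on anything that is not a plain address.
    owned = [ipaddress.ip_address(ip) for ip in connected_ips]
    unknown = set(owner) - set(owned)
    if unknown:
        raise ValueError(f"attached address not in connected_ips: {sorted(map(str, unknown))}")

    rules = []
    for addr in owned:
        family = "ip" if addr.version == 4 else "ip6"
        if addr in owner:
            # Running VM: its address is valid only on its own interface.
            rules.append(f'iifname != "{owner[addr]}" {family} saddr {addr} drop')
        else:
            # Powered-off VM: no interface can legitimately source this address.
            rules.append(f"{family} saddr {addr} drop")
    return rules


# Constructed sample data: one running VM, two powered-off ones.
SAMPLE_CONNECTED = ["10.137.0.5", "10.137.0.9", "fd09:24ef:4179::a89:9"]
SAMPLE_ATTACHED = {"vif5.0": "10.137.0.5"}

if __name__ == "__main__":
    for rule in antispoof_rules(SAMPLE_CONNECTED, SAMPLE_ATTACHED):
        print(rule)
```

Without the full list of assigned addresses, the powered-off entries would produce no rule at all, which is the gap the reply describes.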