[ILUG] Virtual server question
Kerry Linux Support
support at kerry-linux.ie
Mon Jul 20 13:44:10 IST 2009
> Kevin Philp <lists at cybercolloids.net> wrote:
>
> Does it make sense to run virtual servers using the same topology logic as
> you would with physical servers i.e. a server for the firewall and another
> server for the internal network.
Yes of course, you can configure your virtual servers similar to different
physical servers, but you have to bear in mind that the virtual servers
all share the one machine's network interfaces. If you try to isolate
servers from one another you have to set up the iptables rules carefully to
make sure that no undesired traffic is possible. For instance, your
virtual NFS server should only be allowed to use the "internal" network interface
and the virtual web server/ssh server/whatever public service server needs
to be confined to the other ("public") one. Your firewall server would need to
use both, and if this server delivers proxy services to the internal LAN,
iptables can get tricky.
> Does it make sense to split off various
> functions into different i.e. a separate server for the local NFS server and
> another for external SSH access.
Absolutely, if the horsepower of your host allows that.
Regards
Kerry Linux Support,
Valentia Island
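
The interface confinement described in the reply above, written out as an added example that is not part of the original post. It assumes routed guests whose traffic crosses the host's FORWARD chain, NFSv4 over TCP, and a proxy on port 3128; every interface name, address and port is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed values:
# host NICs eth0 (public) and eth1 (internal), routed guests.
PUB_IF=${PUB_IF:-eth0}
INT_IF=${INT_IF:-eth1}
NFS_IP=${NFS_IP:-10.0.0.10}     # NFS guest, internal side only
WEB_IP=${WEB_IP:-192.0.2.20}    # web/ssh guest, public side only
FW_IP=${FW_IP:-10.0.0.1}        # firewall/proxy guest, both sides
LAN=${LAN:-10.0.0.0/24}

# Print an iptables-restore ruleset for the host's FORWARD chain.
emit_rules() {
    # Isolation is meaningless if both roles share one interface.
    if [ "$PUB_IF" = "$INT_IF" ]; then
        echo "public and internal interface must differ" >&2
        return 1
    fi
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# NFS guest must never be reachable over, or send through, the public NIC
-A FORWARD -i $PUB_IF -d $NFS_IP -j DROP
-A FORWARD -s $NFS_IP -o $PUB_IF -j DROP
# Public-service guest must never touch the internal NIC
-A FORWARD -i $INT_IF -d $WEB_IP -j DROP
-A FORWARD -s $WEB_IP -o $INT_IF -j DROP
# Replies to connections that were allowed below
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allowed new connections, one service per guest
-A FORWARD -i $INT_IF -s $LAN -d $NFS_IP -p tcp --dport 2049 -j ACCEPT
-A FORWARD -i $PUB_IF -d $WEB_IP -p tcp -m multiport --dports 22,80 -j ACCEPT
# Firewall/proxy guest: proxy port in from the LAN, web traffic out
-A FORWARD -i $INT_IF -s $LAN -d $FW_IP -p tcp --dport 3128 -j ACCEPT
-A FORWARD -s $FW_IP -o $PUB_IF -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset only when asked, so the file can also be sourced.
if [ "${1:-}" = "--print" ]; then
    emit_rules
fi
```

The output can be checked without loading it by piping it to `iptables-restore --test`. The explicit DROP rules sit ahead of the conntrack rule so a later ACCEPT added by mistake cannot open the wrong interface.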