From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1I6rkG-0007jm-D7
	for qemu-devel@nongnu.org; Fri, 06 Jul 2007 13:37:28 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1I6rkF-0007iE-Ia
	for qemu-devel@nongnu.org; Fri, 06 Jul 2007 13:37:28 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1I6rkF-0007ht-9F
	for qemu-devel@nongnu.org; Fri, 06 Jul 2007 13:37:27 -0400
Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <gceq-qemu-devel@m.gmane.org>)
	id 1I6rkE-00053O-OI
	for qemu-devel@nongnu.org; Fri, 06 Jul 2007 13:37:26 -0400
Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1I6rk9-0008GU-Hs
	for qemu-devel@nongnu.org; Fri, 06 Jul 2007 19:37:21 +0200
Received: from harvee.org ([70.91.135.121])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <qemu-devel@nongnu.org>; Fri, 06 Jul 2007 19:37:21 +0200
Received: from esj by harvee.org with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <qemu-devel@nongnu.org>; Fri, 06 Jul 2007 19:37:21 +0200
From: "Eric S. Johansson" <esj@harvee.org>
Date: Fri, 06 Jul 2007 13:36:23 -0400
Message-ID: <f6luk9$teg$1@sea.gmane.org>
References: <f6l2jd$nm0$1@sea.gmane.org>
	<200707061527.48372.paul@codesourcery.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <200707061527.48372.paul@codesourcery.com>
Sender: news <news@sea.gmane.org>
Subject: [Qemu-devel] Re: suitability for extension encapsulation in firewall
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Paul Brook wrote:

> 
> If you use tap networking (recommended for this situation) it's just like any 
> other network interface.

what I was looking for was the ability to place the qemu tap interface on the 
same subnet as the DMZ network and outside of the firewall rules so that it 
behaves exactly the same as a machine in the DMZ.  that is, it is 
protected/blocked by the orange network rules and can access any other machine 
on the DMZ without any hindrance.  I need to think about this a bit.  Both in 
terms of how to set up a simulated firewall environment and how I would 
configure the tap interface.  I can just see myself running qemu inside of qemu 
and 3 virtual networks.

---eric