Internal networking: How are IPs chosen, why class C subnet.
19 views
Skip to first unread message
Robert Mittendorf
Oct 28, 2016, 4:51:08 AM10/28/16
to qubes-users
Hey,
yesterday I noticed that even if VMs share a class C network, all trafic
is routed through the gateway and by default the gateway does not allow
a connection to other VMs in the same subnet.
This makes a lot of sense from a security perspective, but the shown
information is missleading.
With IP 10.137.x.y and class C subnet (255.255.255.0) one would expect
to be able to communicate with IP 10.137.x.z directly. I guess this is
just the preconfiguration of the templates and user-build template would
be able to communicate directly when they are in the same network?!
How are IPs chosen anyway? A class C-subnet "behind" every ProxyVM or NetVM?
regards,
Robert
yesterday I noticed that even if VMs share a class C network, all trafic
is routed through the gateway and by default the gateway does not allow
a connection to other VMs in the same subnet.
This makes a lot of sense from a security perspective, but the shown
information is missleading.
With IP 10.137.x.y and class C subnet (255.255.255.0) one would expect
to be able to communicate with IP 10.137.x.z directly. I guess this is
just the preconfiguration of the templates and user-build template would
be able to communicate directly when they are in the same network?!
How are IPs chosen anyway? A class C-subnet "behind" every ProxyVM or NetVM?
regards,
Robert
Manuel Amador (Rudd-O)
Oct 28, 2016, 7:05:12 AM10/28/16
to qubes...@googlegroups.com
On 10/28/2016 08:51 AM, Robert Mittendorf wrote:
> Hey,
>
> yesterday I noticed that even if VMs share a class C network, all
> trafic is routed through the gateway and by default the gateway does
> not allow a connection to other VMs in the same subnet.
> This makes a lot of sense from a security perspective, but the shown
> information is missleading.
qubes-network-server does the right thing if you have a number of VMs
> Hey,
>
> yesterday I noticed that even if VMs share a class C network, all
> trafic is routed through the gateway and by default the gateway does
> not allow a connection to other VMs in the same subnet.
> This makes a lot of sense from a security perspective, but the shown
> information is missleading.
with assigned static IPs. Traffic gets routed to the right VM.
--
Rudd-O
http://rudd-o.com/
Reply all
Reply to author
Forward
0 new messages