Tue, 2 Apr 2002 13:22:56 -0500

 


----------------------------

On Tuesday, 04/02/2002 at 11:40 CST, Behan Martin - mbehan
<martin.behan@ACXIOM.COM> wrote:
> We are conducting a Linux discovery project. Running Linux under ZVM.
> We are looking for a way to control IP access. ZVM is doing IP forwarding
> to the LINUX machines. We have LINUX using different sub nets. What is
> the best way to restrict access from one LINUX subnet to another. Are
> there any Redbooks or other examples you can point me to?

You can use a Linux router instead of z/VM TCP/IP and implement a
firewall. z/VM TCP/IP does not have any firewall functions.

You could also create a "virtual backbone" which consists of z/VM TCP/IP
routing to a ring of virtual Linux firewalls, each connected to another
guest LAN. Each guest LAN would have its own subnet.

I.e.

L   = non-firewall Linux
LFW = firewall Linux
VM  = VM TCP/IP

                         L L L
                -----------+-------- guest LAN #3
                           |
              L L L        |        L L L
guest LAN #2 --------+     |     +--------- guest LAN #4
                     |     |     |
                    LFW   LFW   LFW
                     |     |     |
     guest LAN #1 ---+-----+-----+--
                           |
                           VM
                           |
   --------Real LAN--------+---------

Alan Altmark
Sr. Software Engineer
IBM z/VM Development
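One way to express the policy on a single LFW guest from the diagram above, as an added example that is not part of the original reply: a shell function that emits a default-deny iptables-restore ruleset. The interface names (eth0 on the backbone, eth1 on the guest LAN), the subnets, and the choice to let guests open outbound connections freely are assumptions.

```shell
#!/bin/sh
# Added example. Emits an iptables-restore ruleset for ONE firewall guest (LFW)
# sitting between the backbone (guest LAN #1) and its own guest LAN.
# Interface names and subnets are constructed, not taken from the original post.

# usage: lfw_ruleset BACKBONE_IF GUEST_IF GUEST_NET [SRC_NET:PROTO:PORT ...]
lfw_ruleset() {
    [ $# -ge 3 ] || { echo "usage: lfw_ruleset BB_IF GUEST_IF GUEST_NET [SRC:PROTO:PORT ...]" >&2; return 1; }
    bb_if=$1 guest_if=$2 guest_net=$3
    shift 3
    # Validate every allow entry first so a bad one never yields a partial ruleset.
    for rule in "$@"; do
        rest=${rule#*:}; proto=${rest%%:*}; port=${rest#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol in '$rule'" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in '$rule'" >&2; return 1 ;; esac
    done
    # Default-deny INPUT and FORWARD. Management access to the LFW itself is
    # not opened here. In the FORWARD chain, in order:
    #   1-2. anti-spoofing: guest addresses may only arrive on the guest interface
    #   3.   replies for flows that were already permitted
    #   4.   guests may open connections toward the backbone (assumption)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $bb_if -s $guest_net -j DROP
-A FORWARD -i $guest_if ! -s $guest_net -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $guest_if -o $bb_if -m conntrack --ctstate NEW -j ACCEPT
EOF
    # Explicit exceptions: another subnet may reach one service on this guest LAN.
    for rule in "$@"; do
        src=${rule%%:*}; rest=${rule#*:}; proto=${rest%%:*}; port=${rest#*:}
        echo "-A FORWARD -i $bb_if -o $guest_if -s $src -d $guest_net -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Constructed case: this LFW fronts guest LAN #3 (10.1.3.0/24); only hosts on
# guest LAN #2 (10.1.2.0/24) may open SSH connections into it.
lfw_ruleset eth0 eth1 10.1.3.0/24 10.1.2.0/24:tcp:22
```

The output is meant to be loaded with iptables-restore on the LFW guest, which must also have IP forwarding enabled. Each LFW gets its own ruleset, so traffic between two guest LANs is dropped unless the destination's firewall lists it.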








