From: lew.pitcher@digitalfreehold.ca   
      
   On Wed, 01 May 2024 15:11:45 +0000, Lew Pitcher wrote:   
      
   > Hi, gals and guys   
   >   
   > As I've mentioned before, I'm late to the container party   
   > and starting to play around with LXC containers. This time,   
   > my goal is to model a container setup for my internet-facing   
   > server, to provide better security for its systems. More   
   > specifically, I am trying to model a layout which puts   
   > both my internet connection, and various internet-facing   
   > services into containers such that the arrangement provides   
   > a "bastion host" fronting a set of services running in a   
   > "DMZ" network, sandwitched between firewalls.   
   >   
   > Graphically, the concept looks like:   
   >   
   >            Internet   
   >               |   
   >             =====(firewall)   
   >           Bastion Host   
   >               |   
   >          -----+----- ...   
   >          |    |   
   >         ===  ===   .....   
   >         me  server   
   >   
   >   
   > To this end, I've put together a couple of LXC containers,   
   > one ("sysdev1") representing the "bastion host", and the   
   > other ("sysdev2") representing a service within the "DMZ"   
      
   I should mention that, in this configuration, I /have not/   
   implemented any firewall rules. I want to get basic routing   
   working before I start complicating the data flow with a   
   firewall.   
      
   [snip]   
      
      
   --   
   Lew Pitcher   
   "In Skills We Trust"   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)