 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] iptables filtering when bridging
| To: | xen-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-devel] iptables filtering when bridging |
| From: | David <big.raiders.fan@xxxxxxxxx> |
| Date: | Wed, 9 May 2007 10:04:37 -0400 |
| Delivery-date: | Wed, 09 May 2007 07:03:01 -0700 |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; b=QHVJWLXF78klk8UhByWUWDgqga5q6Zmsp8pJXOGG6zmbePD1VZMfpR52QBrl1U+maIuYu/4AVxTV8z3DIYcBRQPchFlDqoYhL4Xyy577TuTlDvfU0WQRbf3qxHXVtz1ra2QJGppXaVY7HErZDTsnk4nO6mlPqAK4QU+jVjO6pbQ= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=cyYaCf/HnB79HjaupEJ8wanRMCsSd3VH8S+2lW41VXSfxE+FaxaHXeNgm62LuRMr7F8FOxpPB6FW2O/7s8i1MSizLLkjMxQRVepXSMBmpVBGytcT+8cme9nPUvqCJSlZhJ5TMSsPsRzqXJeQhxnmmn8Zr6UBeJ2R5M+PM4gE+bA= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
|
Still sort of new to Xen, and have been playing around with it bridging ethernet traffic between Dom0 and DomU. I'm trying to figure out how to have iptables filtering performed in Dom0 when bridging. I've found some references to using the following command: ebtables -t broute -A BROUTING -p ipv4 --ip-proto 6 --ip-dport 80 -j redirect --redirect-target ACCEPT (For now, I just want to filter Web traffic). Using the above rule, and logging the ebtables and iptables traffic, I see that traffic is going into the ebtables' Filter table's Input chain, but then I see no activity after that. The Web browser in DomU never sees any packets. Based on http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png, the packet appears to be going the right way, but I can't make it go any further. Is it possible to have the packets go through the iptables Filter tables in Dom0? What I'd eventually like to get to is running squid in Dom0 to proxy and filter Web traffic, but I cannot seem to get the traffic to flow properly when in bridging mode. Based on other searches, I've tried (with squid configured and running in Dom0): iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 This does not seem to work. Any insight into how to get this working would be appreciated. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] Is patches/linux-2.6.18/xen-hotplug.patch still necessary?, Dave Lively |
|---|---|
| Next by Date: | Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Derek Murray |
| Previous by Thread: | [Xen-devel] fair scheduling, Harry Smith |
| Next by Thread: | Re: [Xen-devel] iptables filtering when bridging, Mark McLoughlin |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
