WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] vif-antispoof

To: Mats Engstrom <mats.engstrom@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] vif-antispoof
From: "Dirk H. Schulz" <dirk.schulz@xxxxxxxxxxxxx>
Date: Wed, 02 Nov 2005 08:54:39 +0100
Hi Mats,

Mats Engstrom wrote:

Hi Dirk,
I also had problems getting it to work when I tried it some months ago. As
far as I can remember I had just the same symptoms as you.
In order to have the iptables correctly set up by vif-bridge in
antispoof mode, the kernel must have the physdev option in the netfilter
section enabled and/or loaded as a module. When compiled into the kernel, the
line in the .config file should look like this:
CONFIG_IP_NF_MATCH_PHYSDEV=y
After recompiling and installing a new Dom0 kernel it worked just fine.

Yes, you are right, that's it. Thanks!

But one more question: How did you find out THAT? I am not really into netfilter yet, and there is no hint in the docs I found.

Ah, and still one more question: Did you test/do you know if the antispoof feature prevents IP spoofing only or ARP spoofing as well?

Dirk
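
A check for the kernel option named in this thread, as an added example that is not part of the original messages: it reads a kernel config file and reports whether CONFIG_IP_NF_MATCH_PHYSDEV is built in, a module, disabled or absent. The function name physdev_status and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how CONFIG_IP_NF_MATCH_PHYSDEV is set in a kernel
# config file. Prints builtin, module, disabled, missing or unreadable.
# Assumption: the file is a kernel .config, optionally gzip-compressed (*.gz).
physdev_status() {
    cfg=$1
    opt=CONFIG_IP_NF_MATCH_PHYSDEV
    [ -r "$cfg" ] || { echo unreadable; return 2; }
    case $cfg in
        *.gz) reader='gzip -dc' ;;
        *)    reader='cat' ;;
    esac
    # Match the option name exactly; a commented "is not set" line means
    # disabled. If the option appears more than once, the last line wins.
    line=$($reader "$cfg" | grep -E "^(# )?${opt}(=| is not set)" | tail -n 1)
    case $line in
        "${opt}=y")            echo builtin;  return 0 ;;
        "${opt}=m")            echo module;   return 0 ;;
        "# ${opt} is not set") echo disabled; return 1 ;;
        *)                     echo missing;  return 1 ;;
    esac
}

# Constructed sample configs (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_NETFILTER=y' 'CONFIG_IP_NF_MATCH_PHYSDEV=y' \
    > "$demo_dir/builtin.config"
printf '%s\n' 'CONFIG_NETFILTER=y' '# CONFIG_IP_NF_MATCH_PHYSDEV is not set' \
    > "$demo_dir/disabled.config"
for f in "$demo_dir"/*.config; do
    status=$(physdev_status "$f") || true
    echo "$(basename "$f"): $status"
done
rm -rf "$demo_dir"
```

Run against the Dom0 kernel's own config file, a non-zero exit status means the option is disabled or absent, which is the condition the thread resolves by recompiling the kernel.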
