WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] iptables and xen 3.x

from [Andy Smith] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] iptables and xen 3.x
From: Andy Smith <andy@xxxxxxxxxxxxxx>
Date: Wed, 29 Mar 2006 20:45:41 +0000
Delivery-date: Wed, 29 Mar 2006 20:47:25 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20060328195317.GR32019@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc
References: <20060328195317.GR32019@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i 
On Tue, Mar 28, 2006 at 07:53:17PM +0000, Andy Smith wrote:
> In xen 2.x running a bridged setup I am used to being able to
> firewall off individual domUs from the dom0 using the physdev
> module.
> 
> However with a bridged setup in xen 3.x the physdev on all packets
> seems to be vif0.0 even though I have named vifs that are seeing the
> traffic.  For example:

[...]

> Mar 28 19:49:53 dnuk kernel: DOMU-FWD: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 
> PHYSOUT=vif0.0 SRC=82.69.129.107 DST=217.147.93.68 LEN=84 TOS=0x00 PREC=0x00 
> TTL=57 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=54341 SEQ=0
> 
> all traffic for all domUs seems to go out of vif0.0!

No answers so maybe I have missed something obvious, but I don't
understand why this works for me with xen 2.0.7.

Do I need to use ebtables now?

Cheers,
Andy

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] No dom0/domU ping "out of the box", Colin Brown
Next by Date:  [Xen-users] 2.6.16.1 stable only with xen, Andreas Jellinghaus
Previous by Thread:  [Xen-users] iptables and xen 3.x, Andy Smith
Next by Thread:  [Xen-users] Questions about sedf scheduler, Amitayu Das
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy