WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Dom-U config: whats the role of vif - IP

from [Tim Post] [Permanent Link][Original]
To: Christoph Purrucker <cp+ml-xen@xxxxxxxx>
Subject: Re: [Xen-users] Dom-U config: whats the role of vif - IP
From: Tim Post <tim.post@xxxxxxxxxxxxxxx>
Date: Mon, 25 Sep 2006 00:52:55 +0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 24 Sep 2006 09:53:47 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <58902.194.39.218.10.1158918727.squirrel@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: Net Kinetics
References: <58902.194.39.218.10.1158918727.squirrel@xxxxxxxxxxxxxxxxx>
Reply-to: tim.post@xxxxxxxxxxxxxxx
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
This is really a big issue for people such as web hosting providers who
will be giving 'untrusted' root access to dom-u's to the general public.

VPS servers are a very popular choice for those who purchase hosting
services with less than honorable intentions. 

Since many do setup their networks for ease of administration (meaning,
whatever dom-u broadcasts an IP on a subnet that knows about it, owns
it) this allows one dom-u to 'hijack' the IP of another and use it for
abusive activity, intercept traffic, etc. 

If you have only 'trusted' root users on your dom-u's and don't run
insecure public services from them, its pretty safe to just leave things
easy and do your networking at the dom-u end.

Depending on the quality of the network feeding your bridges (if using
them), you may find it handy to specify a mac address in both the xen
configuration and dom-u network init scripts.

So there really isn't a right or wrong answer.. other than be sure
allowing dom-u's to bring up their own IP's fits your security model :)

HTH,
-Tim

On Fri, 2006-09-22 at 11:52 +0200, Christoph Purrucker wrote:
> Hello,
> 
> in the example configuration-files I always read, that I've to add an
> IP-Adress if I don't have a DHCPd running. I'm running in bridge-mode. For
> example:
> 
> vif = ['ip=192.168.5.99']
> 
> But I don't want to configure the IP-Adress in an config-file on Dom-0;
> the Admin of the Dom-U should do that with Dom-U's ifconfig (or Debian's
> /etc/network/interfaces). I started several Dom-Us with
> 
> vif = ['']
> 
> and it seems, that they run quite fine with a locally configured
> interface. And further on, if I change the above vif = ['ip=192.168.5.99']
> to any other IP, the Dom-U ist still reachable under its locally
> configured IP (and not under the new one in der config-file) after
> rebooting the Dom-U.
> 
> So what's the sense of the above parameter?
> 
> cu cp
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 
> 


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-users] Compiling VMWare server against xen dom0 enabled kernel, Tim Post
Next by Date:  Re: [Xen-users] Dom-U config: whats the role of vif - IP, Tim Post
Previous by Thread:  RE: [Xen-users] Dom-U config: whats the role of vif - IP, Fischer, Anna
Next by Thread:  Re: [Xen-users] Dom-U config: whats the role of vif - IP, Tim Post
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy