WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Problem start iptables - udp broken

from [Jaroslaw Zdrzalek] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Problem start iptables - udp broken
From: Jaroslaw Zdrzalek <jz@xxxxxxxxxx>
Date: Tue, 28 Nov 2006 12:56:44 +0100
Delivery-date: Wed, 29 Nov 2006 01:44:56 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20061128110524.M2929@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <E4D4F968E9F97F45B21B72BDCAD8E1B803C126F4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <915136920611280122l588565b2u5845651f0fac3a5e@xxxxxxxxxxxxxx> <20061128110524.M2929@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.5 
Am Dienstag 28 November 2006 12:10 schrieb Bill Maidment:
> On Tue, 28 Nov 2006 10:22:53 +0100, Abel Martín wrote
> 
> > I forgot to ask you. Are you trying to filter traffic for domU in
> > dom0? If you are trying to do this with iptables and Xen bridged
> > networking it has no sense, since a bridged device is a link layer
> > device and iptables works above at network and trasport layer.
> 
> I hope I'm not hijacking this thread, but what method is recommended to 
> firewall the
> xen0?  Is it illogical to run a bridged network if you want to firewall xen0?

the bridge is the most popular approach and it has no or few side effects.
When using network-bridge each domain has virtual interfaces connected
to a virtual switch. No routing is required nor specail handling like nat in 
the dom0.
The domain0 is like any other domain regarding firewalling:
apply your rules to virtual interfaces (eth0, eth1).
Do not try to filter on pethX or the bridge having a little or limited 
knowledge.

> Sorry for my ignorance. I'm still learning the ropes.
> Cheers
> Bill
> 
> --
> Bill Maidment
> Maidment Enterprises Pty Ltd
> www.maidment.vu
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 

Cheers
Jaroslaw

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Time/clock issues with Xen 3.0.3?, Tim Post
Next by Date:  [Xen-users] Applying Xen Patch for Custom Kernel, Andrew McGregor
Previous by Thread:  Re: [Xen-users] Problem start iptables - udp broken, Abel Martín
Next by Thread:  Re: [Xen-users] Problem start iptables - udp broken, Torsten Lehmann
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy