xen-users
[Xen-users] iptables in dom0
Guys,
I'm stuck with dom0's firewall setup. I've read the corresponding wiki
and mailing list threads, and until this point I believed I understood
it correctly, but that might not be the case.
In my dom0, after xend did its part I have:
- peth0 (physical ethernet device)
- eth0 which is just one end of vif0.0 (fulfils the same role as eth0 in
a domU)
- and last vif0.0, which is the other end of the virtual cable coming
from (v)eth0, and is connected to xenbr0 along with the other vif's and
peth0.
How come then, that a
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
rule leaves me with no outbound connection? The other end clearly states
that a high port in my dom0 is not accessible to it, which means my
firewall is not stateful, as it was initiated by me (dom0)?
Furthermore, if I do the --physdev filtering like most people do, when
shall I run the script from? Right after xend starts? Is there a
preferable point in time to do it during dom0's boot?
I hope someone can put me on the right track.
Thanks guys for the professional support provided so far.
Cheers,
Frank
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
- [Xen-users] iptables in dom0, Sipos Ferenc