WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

Re: [Xen-users] Limit IPs on DomU

from [John Haxby]

[Permanent Link][Original]

To:	Sebastian Igerl <sig@xxxxxxxxx>
Subject:	Re: [Xen-users] Limit IPs on DomU
From:	John Haxby <john.haxby@xxxxxxxxxx>
Date:	Fri, 19 Sep 2008 11:18:18 +0100
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 19 Sep 2008 03:19:08 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<1221809554.6308.10.camel@sigerl-desktop>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<435869253@xxxxxx> <1221809554.6308.10.camel@sigerl-desktop>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Thunderbird 2.0.0.16 (X11/20080723)

Sebastian Igerl wrote:

I want to limit the IPs/Mac a DOMU can have..if a DomU uses an ip address other than i intended to do or changes his
MAC Address all packed should be dropped..

ebtables (http://ebtables.sourceforge.net/) is good for this, but it ispossible to use iptables under some conditions:http://ebtables.sourceforge.net/examples.html#ex_anti-spoof

You can extend the ebtables example to include a "--in-interface" matchto pin the MAC/IP address pair to a specific device, but, of course,you'd have to do this at the time the domain is created.

I can't remember the circumstances under which iptables filtering willwork, but I know it often doesn't because iptables doesn't see bridgetraffic. There's lots more about this in the ebtables documentation.


jch

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] xen 3.3.0 PCI device delegation, Dieter Imann Re: [Xen-users] xen 3.3.0 PCI device delegation, Bryan York Re: [Xen-users] xen 3.3.0 PCI device delegation, Dieter Imann RE: [Xen-users] xen 3.3.0 PCI device delegation, Joseph L. Casale Re: [Xen-users] xen 3.3.0 PCI device delegation, Andrew Lyon Re: [Xen-users] xen 3.3.0 PCI device delegation, Dieter Imann [Xen-users] Limit IPs on DomU, Sebastian Igerl Re: [Xen-users] Limit IPs on DomU, John Haxby <=

Previous by Date:	Re: [Xen-users] xm delete - Error: <Fault 3: 'machine1'>, Nemeth, Tamas
Next by Date:	Re: [Xen-users] xm delete - Error: <Fault 3: 'machine1'>, Stefan Bauer
Previous by Thread:	[Xen-users] Limit IPs on DomU, Sebastian Igerl
Next by Thread:	[Xen-users] Howto compiling Xen 3.3, Torsten
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix