WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] ebtables tying mac to ip problem

from [Rafał Kupka] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] ebtables tying mac to ip problem
From: Rafał Kupka <rkupka+Listy.Xen@xxxxxxxxxxxxx>
Date: Fri, 3 Apr 2009 19:22:25 +0200
Delivery-date: Fri, 03 Apr 2009 10:23:05 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <6894a6470904031004o285c9c78n8a095f4c185c58f7@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Mail-followup-to: xen-users@xxxxxxxxxxxxxxxxxxx
References: <49D26363.2050307@xxxxxxxxxxxxxxxxx> <20090403093007.GA5036@xxxxxxxxxxxxxxxx> <6894a6470904031004o285c9c78n8a095f4c185c58f7@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17) 
On Fri, Apr 03, 2009 at 06:04:29PM +0100, David wrote:
Hi,

> Unfortunately i still cant get it to work. it seems to be a problem with
> /sbin/ebtables -P FORWARD DROP

Could you provide some ebtables logs?

> if i change this to  /sbin/ebtables -P FORWARD  then it starts working again
> but i can change ip address etc on the guest

There have to be DROP policy on the end of chain (or similar DROP rule).
It's preventing malicious traffic. All "good" network packets should hit
some ACCEPT rule before reaching end of FORWARD/INPUT chain.
 
> Does the vif-bridge patch still apply for this setup?

Yes.
 
> Will i start from scratch and try to build up a set of rules for this
> situation? i'm sure this will fit into most xen networking situations as
> this setup is popular.

Sounds useful.

Kupson
-- 
Great software without the knowledge to run it is pretty useless.
(Linux Gazette #1)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] ebtables tying mac to ip problem, David
Next by Date:  Re: [Xen-users] ebtables tying mac to ip problem, David
Previous by Thread:  Re: [Xen-users] ebtables tying mac to ip problem, David
Next by Thread:  Re: [Xen-users] ebtables tying mac to ip problem, David
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy