This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Re: number of ips

To: Vu Pham <vu@xxxxxxxxxx>
Subject: Re: [Xen-users] Re: number of ips
From: Anand Gupta <xen.mails@xxxxxxxxx>
Date: Sat, 11 Apr 2009 16:22:57 +0530
Cc: Xen Users <Xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Sat, 11 Apr 2009 03:53:42 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=JLyhkOid32i+3Lu6yWlKVeud3IXKnUuwMelKN31CSJA=; b=M9RD396QxCJr+WT64l1C04mA72uPjEtyceDQDCYf5TC0g9ZxUqCkS+VMiEcDV3/RVs QAE8tCPiWM+0Pz3eH7e8xbjCwKPes9ZZ8HjaHz8DWBPaEG6IkVW6f4zNYpI5wFrZBU4/ IgtwvLisipPCqxgqzXrwhHa6OSIhgRP8z/VQs=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=LB7Fco4eLPfkY5Tnhpx0MF3g4YF8tgSdXkdQGJLCEWPkM0ZB1i0AdyFHo/7aE5MNey eHEL0nHqqLJHf/tzOV3c8Y2TSiqJD7zPsrkbGS3ogrG4Jr2md/ikn1R1YDctnPmbtGWu lzdYRwWCngzKTZo81TIzMae+6jTmtlNtR6H6A=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <49DFDE62.404@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <acb757c00904090609y3975792dgd89d28e843ee9ee@xxxxxxxxxxxxxx> <49DFC083.3060604@xxxxxxxxxx> <acb757c00904101516v53fa1aabjbc1eb304aa707280@xxxxxxxxxxxxxx> <49DFDC3F.9080706@xxxxxxxxxx> <49DFDE62.404@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi Vu,

Ofcourse these users are all root users, each domU root user is maintaining their themselves.

Can you recommend how to use iptables to achieve this ? The earlier solutions i seem to have seen are all based on ebtables.

On Sat, Apr 11, 2009 at 5:33 AM, Vu Pham <vu@xxxxxxxxxx> wrote:

Vu Pham wrote:

Anand Gupta wrote:
Hi Vu,

Actually both. I am basically offering vps services. So its critical
for my setup that users use only the ips i have assigned to their
domU. They shouldn't arbitrarily add ip series and start to use them.
Further i have some domU's where i have to add multiple ips for use
inside them.

Are the users just non-root users ? Or are you going to let them access their domU as root accounts so they have systems with all permissions ?

Non-root users cannot assign ip address, I believe.

I click Send to fast. If they are root users, you can set up iptables on dom0 to block them according to the IPs you assign to them. If they assign more, those IPs cannot get out.



On 4/11/09, Vu Pham <vu@xxxxxxxxxx> wrote:
Anand Gupta wrote:
Hi Nick,

Thanks for the reply. What if they are on different subnet ? And then
what stops a user inside domU to add any ip in that series (as long as
the ips are assigned and routable to the server) and start to use it ?

On 4/11/09, Nick Anderson <nick@xxxxxxxxxxxx> wrote:
On Sat, Apr 11, 2009 at 01:35:48AM +0530, Anand Gupta wrote:
Hmm... So if i have to assign lets say 6 ips to a domU, what is the
best method to do so ?
 Well if they are all on the same subnet and your using standard
bridging and using a linux domU you should be able to just bring
virtual interfaces.

ifconfig eth0:0
ifconfig eth0:1
ifconfig eth0:1

Hi Anand,

I just want to understand more about your problem. Do you want to be
able to have many IPs on domU or do you worry about users trying to add
too many IPs that can affect the system ?



Xen-users mailing list


Anand Gupta
Xen-users mailing list