WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Xen and IPtables

from [James Clemence] [Permanent Link][Original]
To: Ryan Kennedy <rkennedy@xxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Xen and IPtables
From: James Clemence <jamesvclemence@xxxxxxxxxxxxxx>
Date: Thu, 30 Apr 2009 09:27:41 +0100
Cc: "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 30 Apr 2009 01:28:32 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=QWN8heA3yXxUns1rNwO6/O+Y1gZ49p+vv4iTi4hFc+8=; b=SfOUaZPaqoy0MNbZOAvJ6wOX8Eaw5Uf0vn7rIqM2ztyqWqF0NtkjuFiIs9AhhYhBT0 lNl/ijabjneaveGcaTzRHPDxWgSGpGQjXX9jVDAQXT4gAH8JcmDYB860xjiGGG2f2k27 h6YWxVbi8Ge6BvwFy81uTborbmC0VmdMPgY7I=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=ncJQA1NIpAuTnfcJGxMWJJ9fpsVqk+xf8a8LXmjNLB67HXWddGKHfu5cMYdljZnZc7 92sV3VbRq3hELQKlLOps2eEIm/e+97N/hKcXy73oOhcLPP0ltvmnb8A8Y7K40CQKHH0R QustAUM61eqD7uJ94rU6B5gFNueS0f9/g32ls=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <49F8A761.408@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <693269b50904291202n45d2b268ua71a07e6ba8a3082@xxxxxxxxxxxxxx> <49F8A761.408@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Sorry, a poor explanation, had a very tired day yesterday!

Basically, I'm using a bridging solution standard xen bridging scripts,

1 physical ethernet card, bridge eth0
1 virtual attached to the bridge peth0
2 domUs, also attached to the bridge, vif1.0 and vif2.0

There are three different IP addresses, one for each virtual interface.

I have been able to filter for the domUs via the forward chain taking out the packets to each domU to a specific chain for that domU, and then handle the packets with ACCEPT/DROP, as per usual.

-m physdev  --physdev-in peth0 --physdev-out vif${DOMUID}.0 -j <DOMU chain>

However, I blanked on where to get hold of the traffic to the dom0? Does that go to FORWARD too? Or does it simply hit INPUT?

Cheers for your help,

J

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Interrupt distribution, ITZIAR BALENCIAGA
Next by Date:  Re: [Xen-users] Vinculate tty1 or tty7 to domU, John Haxby
Previous by Thread:  Re: [Xen-users] Xen and IPtables, Ryan Kennedy
Next by Thread:  Re: [Xen-users] Xen and IPtables, Fajar A. Nugraha
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy