| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
Re: [Xen-users] Force traffic out one interface
On 13/06/10 17:02, Fajar A. Nugraha wrote:
On Sun, Jun 13, 2010 at 10:45 PM, Jonathan Tripathy<jonnyt@xxxxxxxxxxx> wrote:
Hi Everyone,
Does anyone know any rules that I could use (using iptable, ebtables, or
otherwise) that could force all traffic coming from a guest to go out via a
particular interface? I wish to stop "inter-guest" communication, without
going via my firewall first.
IIRC Xen bridged networking by default passes domU traffic through the
bridge on dom0 (even for inter-guest communications). Try setting up
some rules there (i.e. make dom0 your firewall).
If you want to use an external firewall (not in dom0), then no, I
don't know of any way to do that.
Hi Fajar,
I'm pretty sure that by using ebtables (in the Dom0) at the "link
layer", I can force all traffic out via one interface. I believe that a
"linux-bridge" acts just like a stupid "Hub" (Ah remember those days
before switches were common?!). So by only allowing traffic out via the
interface which is connected to the firewall, traffic if forced to go
out that way.
Of course, this is just theory, so I'm asking here as someone else may
have some experience.
My backup plan, as you rightfully mention, is to just do the firewalling
in the Dom0 itself. I'd just like to use a single external firewall for
easy management.
Thanks
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
| |
|
Home