WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] iptables help

To: <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] iptables help
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Tue, 15 Jun 2010 13:21:40 +0100
Delivery-date: Tue, 15 Jun 2010 05:23:15 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcsMhU7y9WRsnv7mR3O1qAnWUo1+Hw==
Thread-topic: iptables help
Hi Everyone,
 
My Dom0 has a bridge which has its physical NIC added to it. This physical NIC is called peth0, and the bridge is called eth0 (fairly standard).
 
I then launch a DomU, and its virtual interface (as seen by the Dom0) is fw0. I only wish to allow traffic from peth0 to fw0 (and vice-versa). The Dom0 has a default policy of:
 
iptables -P FORWARD DROP
 
To try to allow only the above traffic, I do:
iptables -I FORWARD -m physdev --physdev-in peth0 --physdev-out fw0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-in fw0 --physdev-out peth0 -j ACCEPT
 
However, those two rules don't allow any traffic. The only way I can get it to work is via:
 
iptables -I FORWARD -m physdev --physdev-in peth0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-out peth0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-in fw0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-out fw0 -j ACCEPT
 
However, those aren't really secure.
 
Any help would be appreciated
 
Thanks 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
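The following script is an added example, not part of the original post or of Xen's own network scripts. It writes the restriction the poster wants (bridged traffic allowed only between peth0 and fw0, everything else on the bridge dropped and logged) as a checked ruleset rather than a series of ad-hoc -I commands. The interface names are the poster's; everything else (the LOG prefix, the rate limit, the env overrides) is an assumption of this example. Two points the paired rules in the post depend on: bridged IPv4 frames reach the iptables FORWARD chain only while net.bridge.bridge-nf-call-iptables is 1, and --physdev-out is only defined for frames the bridge has already made a forwarding decision for, which --physdev-is-bridged makes explicit. The four single-port rules in the post "work" because each accepts any bridged frame entering or leaving that port, so together they also let fw0 exchange traffic with any other vif on the same bridge, which is exactly the restriction the paired rules are meant to enforce.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the poster's names:
# bridge eth0 with physical port peth0 and DomU vif fw0 (override via env).
# build_rules only prints the ruleset; apply_rules is the only function that
# touches the kernel, and it refuses to run unless it is root and bridged
# traffic actually traverses iptables.

PHYS="${PHYS:-peth0}"   # bridge port facing the physical NIC
VIF="${VIF:-fw0}"       # bridge port facing the DomU

# Interface names feed straight into an iptables command line, so reject
# anything that is not a plausible name (IFNAMSIZ is 16, so at most 15 chars).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Bridged IPv4 frames only traverse the iptables FORWARD chain while
# net.bridge.bridge-nf-call-iptables is 1 (on recent kernels the sysctl
# exists only once br_netfilter is loaded). With it at 0 no physdev rule
# ever matches and the DROP policy is never consulted. Takes the sysctl
# value as an argument so it can be checked on a box without a bridge.
bridge_nf_enabled() {
    [ "$1" = "1" ]
}

# Print the ruleset. -A in a fixed order instead of -I: every -I lands above
# the previous one, so the final order is the reverse of what was typed.
# --physdev-is-bridged limits each rule to frames the bridge is forwarding,
# the only case in which --physdev-out is known in FORWARD (a packet that
# has not been bridged yet has no bridge output port).
build_rules() {
    for n in "$PHYS" "$VIF"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 1; }
    done
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $PHYS --physdev-out $VIF -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $VIF --physdev-out $PHYS -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "BRIDGE-DROP: "
EOF
    # Scope caveat: this covers IPv4 only. IPv6 needs the same rules in
    # ip6tables (gated by bridge-nf-call-ip6tables), and ARP is not IP at
    # all, so it bypasses iptables entirely; restricting it is ebtables' job.
}

apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules must run as root" >&2; return 1; }
    bridge_nf_enabled "$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null)" \
        || { echo "net.bridge.bridge-nf-call-iptables is not 1; physdev rules would never match" >&2; return 1; }
    build_rules | sh -e
    # Packet counters on the two ACCEPT rules are the quickest check that the
    # paired match really fires; a rising LOG counter shows what is left over.
    iptables -nvL FORWARD
}

# Print by default; "apply" installs the rules.
case "${1:-print}" in
    apply) apply_rules ;;
    *)     build_rules ;;
esac
```

Run it with no arguments to review the generated commands, then as root with `apply` to install them; afterwards `iptables -nvL FORWARD` should show the two ACCEPT counters moving for DomU traffic and the LOG counter for anything else on the bridge.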