xen-devel

RE: [Xen-devel] Bridging firewall?

To: "Matthieu PATOU" <matxen@xxxxxxxxx>
Subject: RE: [Xen-devel] Bridging firewall?
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Wed, 26 Jan 2005 21:56:12 -0000
Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 28 Jan 2005 00:42:08 +0000
Are you sure your new scripts actually still implement the antispoof
feature of ensuring that the guest can only send packets using its
allocated IP? It looks to me like they're too lax.

Ian

> -----Original Message-----
> From: Matthieu PATOU [mailto:matxen@xxxxxxxxx] 
> Sent: 26 January 2005 21:12
> To: Ian Pratt
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] Bridging firewall?
> 
> On Sun, 23 Jan 2005 23:15:29 -0000
> "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx> wrote:
> 
> > > In order to feel secure I've activated the antispoof options,
> > > but as it was
> > > broken for me I tweaked the rules a little ... if someone is
> > > interested I can post
> > > my script and give some explanations.
> > 
> > That would be useful.
> > 
> See the attached files; in order to work I put some rules:
> vifx.0 must be bridged to xen-br0 (it corresponds to the
> output of the firewall)
> in order to be really accessible (some iptables rules are
> just added at lines 79
> and 80 for vifx.0 and not for other vifs).
>  
> 
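
An added example, not from the thread or from the attached scripts (which are not reproduced on this page): one way to check the property Ian asks about, that each guest vif can only forward packets sourced from its allocated IP. It audits `iptables -S FORWARD` output; the rulesets, vif names and addresses are constructed, and it assumes antispoofing is done with per-vif `physdev` ACCEPT rules plus a DROP policy.

```python
import ipaddress
import shlex

# Constructed sample rulesets in `iptables -S FORWARD` form (assumed, not the thread's scripts).
STRICT = """\
-P FORWARD DROP
-A FORWARD -s 10.0.0.5/32 -m physdev --physdev-in vif1.0 -j ACCEPT
-A FORWARD -s 10.0.0.6/32 -m physdev --physdev-in vif2.0 -j ACCEPT
"""
LAX = """\
-P FORWARD ACCEPT
-A FORWARD -s 10.0.0.0/24 -m physdev --physdev-in vif1.0 -j ACCEPT
-A FORWARD -m physdev --physdev-in vif2.0 -j ACCEPT
"""
# Hypothetical mapping of guest interface -> allocated IP.
ALLOCATED = {"vif1.0": "10.0.0.5", "vif2.0": "10.0.0.6"}


def opt(tok, flag):
    """Return the value following `flag` in a tokenised rule, or None."""
    return tok[tok.index(flag) + 1] if flag in tok else None


def audit(rules, allocated):
    """List the ways a ruleset lets a guest send from an IP it was not allocated.

    Simplification: only -s and --physdev-in are considered, so ACCEPT rules
    narrowed by other matches, or a trailing DROP rule instead of a DROP
    policy, are reported as lax and need a manual look.
    """
    findings, policy, accepts = [], "ACCEPT", []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "FORWARD"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "FORWARD"] and opt(tok, "-j") == "ACCEPT":
            src = ipaddress.ip_network(opt(tok, "-s") or "0.0.0.0/0")
            accepts.append((opt(tok, "--physdev-in"), src))
    if policy != "DROP":
        findings.append(f"FORWARD policy is {policy}: spoofed sources are not dropped")
    for vif, ip in sorted(allocated.items()):
        want = ipaddress.ip_network(ip + "/32")
        for dev, src in accepts:
            # A rule with no input device applies to every vif.
            if dev in (vif, None) and src != want:
                findings.append(f"{vif}: ACCEPT from {src} is wider than allocated {ip}")
    return findings


if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("lax", LAX)):
        print(name, audit(rules, ALLOCATED))
```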


