Re: [Xen-devel] Network filtering setup

To:	Jacob Gorm Hansen <jacobg@xxxxxxx>, xen-devel <Xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] Network filtering setup
From:	Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date:	Sat, 23 Dec 2006 09:22:37 +0000
Delivery-date:	Sat, 23 Dec 2006 01:22:31 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<1166797559.4895.9.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	Accmc+K1ITyl8pJnEduyIQANk04WTA==
Thread-topic:	[Xen-devel] Network filtering setup
User-agent:	Microsoft-Entourage/11.3.2.061213

On 22/12/06 2:25 pm, "Jacob Gorm Hansen" <jacobg@xxxxxxx> wrote:

> Does anyone have the perfect setup (list of iptables commands I suppose)
> for this, preferable without bridging at the Ethernet layer?
> NAT/Masquerading is not an option, as I prefer not to have any state
> kept in dom0.

What you're asking for is different to what was done in Xen 1.x which, as I
recall, did Ethernel-level bridging with IP-level firewalling. The closest
match in Xen 3.x would be etherbridge + etherbridge hooks into ip tables.

 -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] Network filtering setup