WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

[Xen-users] Securing the host's networking ?

To: xen-users@xxxxxxxxxxxxxxxxxxx, dana.lux@xxxxxxxxx
Subject: [Xen-users] Securing the host's networking ?
From: Dana Lux <dana.lux@xxxxxxxxx>
Date: Mon, 16 May 2005 10:17:34 -0400
Hey folks

I have installed Xen on a machine and everything works so amazingly
well.  I can run ttylinux and some of those premade distribution
images.

My networking setup is very simple and is as follows:

Internet <---> eth0 <---> xen-br0 <----> Xen guests

I do have two questions:

First, I've noticed that on most bridging HOWTOs they state that eth0
should be set to 0.0.0.0, however I've noticed that on my machine it
is configured with an IP (via the distribution init scripts) and that
xen-br0 simply copies its IP.  Is this normal?

Also, I've noticed that when I do run a Xen guest, it creates a
network port to do whatever it does.  My concern is that I've noticed
I can reach this port from the outside world and I assume that may be
a security risk.  So I was wondering, are there iptables scripts to lock
down a Xen machine? Or a bridging setup?

I don't understand too much about this bridging networking, so I
wouldn't really know how to go about creating an iptables script for
the host.

Thanks!!

Dana
