WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] IP blocking

To: shacky <shacky83@xxxxxxxxx>
Subject: Re: [Xen-users] IP blocking
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Date: Mon, 6 Aug 2007 13:58:46 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 06 Aug 2007 05:56:33 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <7fedbc910708060518s510357cdx7e3be43159616815@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <7fedbc910708060518s510357cdx7e3be43159616815@xxxxxxxxxxxxxx>
Reply-to: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i
On Mon, Aug 06, 2007 at 02:18:20PM +0200, shacky wrote:
> Hi.
> 
> How can I assign a given IP address to a given domU and force the user
> of that domU to use that IP address and not any other?
> I don't want the user to change the IP address of his virtual machine
> in /etc/network/interfaces with one or more IP addresses which are
> not assigned to him.

In the dom0 make sure the kernel has

   net.bridge.bridge-nf-call-iptables = 1

This ensures that all traffic to/from the guest passes through the iptables
rules in Dom0. You can then filter traffic from individual vifN.M interfaces
associated with the guest to make sure it's only sending data with the valid
predefined IP address and MAC address you gave it.

> In addition I don't want the user to create more virtual interfaces
> (eth0:x) than he is allowed to use (I allow each domU to have only two
> IP addresses).

There's no need to worry about restrictions on creating eth0:x interfaces
if you are already filtering based on the source IP address.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
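An added example of the dom0 filtering Dan describes, written for this archive page rather than taken from the reply or from Xen's own tooling. It assumes a Linux bridge in dom0 with `net.bridge.bridge-nf-call-iptables = 1` set, so that bridged guest traffic traverses the FORWARD chain and can be matched per `vifN.M` with the `physdev` and `mac` iptables matches. The vif name, the MAC and the addresses are illustrative; the script only prints the iptables commands so they can be reviewed before being piped to `sh`.

```shell
#!/bin/sh
# Added example (not from the original post): generate dom0 iptables rules
# that pin one guest vif to its assigned MAC address and IP addresses.
# Assumes net.bridge.bridge-nf-call-iptables=1 is already set in dom0.

# Prerequisite the reply mentions; printed rather than applied so the
# whole script stays a dry run until its output is reviewed.
gen_prereq() {
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
}

# gen_vif_rules VIF MAC IP [IP...]
# Emits FORWARD-chain rules for a single vif: accept packets whose source
# MAC *and* source IP both match what the guest was assigned, then drop
# anything else that entered the bridge through that vif. A guest that
# adds an eth0:x alias with an unassigned address hits the final DROP.
gen_vif_rules() {
    vif=$1
    mac=$2
    shift 2
    [ $# -ge 1 ] || { echo "gen_vif_rules: need at least one IP for $vif" >&2; return 1; }
    for ip in "$@"; do
        echo "iptables -A FORWARD -m physdev --physdev-in $vif -m mac --mac-source $mac -s $ip -j ACCEPT"
    done
    echo "iptables -A FORWARD -m physdev --physdev-in $vif -j DROP"
}

# Number of rules a guest definition expands to (accept per IP + one drop).
count_rules() {
    gen_vif_rules "$@" | wc -l | tr -d ' '
}

# Sample guest (constructed values; 00:16:3e is the Xen MAC prefix).
gen_prereq
gen_vif_rules vif1.0 00:16:3e:00:00:01 192.0.2.10 192.0.2.11
```

These rules must sit before any blanket `-j ACCEPT` in FORWARD, since iptables stops at the first match. Two caveats a practitioner should keep in mind: iptables only sees IP traffic, so ARP from the guest (including ARP for addresses it was not given) is not covered by these rules and needs ebtables or arptables in dom0; and traffic from the guest addressed to dom0 itself arrives on the INPUT chain, not FORWARD, so the same physdev/mac/source checks have to be repeated there if that path matters.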
