
Re: [Xen-devel] Network filtering setup

  • To: Jacob Gorm Hansen <jacobg@xxxxxxx>, xen-devel <Xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
  • Date: Sat, 23 Dec 2006 09:22:37 +0000
  • Delivery-date: Sat, 23 Dec 2006 01:22:31 -0800
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: Accmc+K1ITyl8pJnEduyIQANk04WTA==
  • Thread-topic: [Xen-devel] Network filtering setup

On 22/12/06 2:25 pm, "Jacob Gorm Hansen" <jacobg@xxxxxxx> wrote:

> Does anyone have the perfect setup (list of iptables commands I suppose)
> for this, preferably without bridging at the Ethernet layer?
> NAT/Masquerading is not an option, as I prefer not to have any state
> kept in dom0.

What you're asking for is different to what was done in Xen 1.x which, as I
recall, did Ethernet-level bridging with IP-level firewalling. The closest
match in Xen 3.x would be etherbridge + etherbridge hooks into iptables.

 -- Keir
