[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] dom0 can see connections from domU-s

  • To: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
  • From: Deyan Chepishev <dchepishev@xxxxxxxxx>
  • Date: Tue, 25 Aug 2009 08:40:14 +0300
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 24 Aug 2009 22:41:33 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=MeNXwa/TDAmdmCCusZ22+Tf4yU8aMRaQRWIrZcNpPsby+wgUjsmDZTsngfQBOg1B4e Edc8BDFZ4pFEs5E39ct0OIUPB5BCHaBVMR8udS+SNF9AvRFxvOkZiIvAT0VfoK3jqr9b Udix+NrQdk0GNU2nJXrfgDUJ3PTozZDLpDYeE=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
Fajar A. Nugraha wrote:

On Tue, Aug 25, 2009 at 5:48 AM, Deyan Chepishev<dchepishev@xxxxxxxxx> wrote:

Hello,

I have a little problem.

I can see all the guest (domU) connections in dom0's /proc/net/ip_conntrack.
As you can imagine the conntrack table starts to get filled when lots of
connections are made on domU machines. Is there a way to stop this behavior?


What is the value of /proc/sys/net/bridge/bridge-nf-call-iptables ?


The value is:
cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
It looks like changing it ot 0 fixes my problems. The number of rows is going down. 

Thank you


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.