| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
[Xen-users] iptables and xen 3.x
Hello,
In xen 2.x running a bridged setup I am used to being able to
firewall off individual domUs from the dom0 using the physdev
module.
However with a bridged setup in xen 3.x the physdev on all packets
seems to be vif0.0 even though I have named vifs that are seeing the
traffic. For example:
$ sudo tcpdump -ni vif-xinit.0 'src 82.69.129.107'
tcpdump: WARNING: vif-xinit.0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vif-xinit.0, link-type EN10MB (Ethernet), capture size 96 bytes
19:41:22.046170 IP 82.69.129.107 > 217.147.93.68: icmp 64: echo request seq 0
So the named vif is seeing the traffic.
But in the firewall logs this will look like:
Mar 28 19:49:53 dnuk kernel: DOMU-FWD: IN=xenbr0 OUT=xenbr0 PHYSIN=peth0
PHYSOUT=vif0.0 SRC=82.69.129.107 DST=217.147.93.68 LEN=84 TOS=0x00 PREC=0x00
TTL=57 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=54341 SEQ=0
all traffic for all domUs seems to go out of vif0.0!
(these aren't the same packets so the time stamps are different)
Is it still possible to use physdev with a xen3 bridged setup?
Cheers,
Andy
signature.asc
Description: Digital signature
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-users] iptables and xen 3.x,
Andy Smith <=
|
|
|
| |
|
Home
xen.org, 