| |
|
 |
|
 |
|
|
|
| |
|
|
xen-users
[Xen-users] antispoof with Xen 3
Hi folks,
I am trying to get antispoofing running on xen3 (based on Debian Sarge).
This is what I have done to enable it:
1. I have compiled a dom0 kernel with CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
2. I made sure this module is loaded: lsmod gives xt_physdev (among
others).
3a. I have changed the line "(network-script network-bridge)" to
"(network-script network-bridge antispoof=yes)" in
/etc/xen/xend-config.sxp.
3b. I have also tried setting the default in network-bridge to yes by
changing the antispoof line to "antispoof:${antispoof:-yes}".
Then I have setup a domU with vif=['mac=ae:00:00:78:be:04,
ip=192.168.115.156'], but "inside" I have configured the ip address of
eth0 to be 192.168.115.157.
After starting the domU "ifconfig eth0" shows the ip address
192.168.115.157, but the domU still has network access to the outside.
That means: antispoofing does not work.
I have googled a lot but found nothing I did not try. Does antispoofing
in Xen3 not work with the new CONFIG_NETFILTER_XT_MATCH_PHYSDEV of
kernel 2.6.16? Or is there anything else I have overlooked.
Any hint or help is appreciated.
Dirk
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-users] antispoof with Xen 3,
Dirk H. Schulz <=
|
|
|
| |
|
Home
xen.org, 