[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Securing the host's networking ?

  • To: xen-users@xxxxxxxxxxxxxxxxxxx, dana.lux@xxxxxxxxx
  • From: Dana Lux <dana.lux@xxxxxxxxx>
  • Date: Mon, 16 May 2005 10:17:34 -0400
  • Delivery-date: Mon, 16 May 2005 14:17:04 +0000
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=B3+jfMVw7f2+yiw+6jZfzTJswNBBP+RYmdrRvR0zsqC/olAQXm1yoisgYJ/sr5ZVwfUg0vSIK1sGRFRpMMc8n6B7amc0QHKTKEyiCYp0NaVY5raifb6822axIhtaSlRikRExJBgQOQ7RSeEMGr74YulfktpOC6boOV9LMyNAIYA=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hey folks

I have installed Xen on a machine and everything works so amazingly
well.  I can run ttylinux and some of those premade distribution

My networking setup is very simple and is as follows:

Internet <---> eth0 <---> xen-br0 <----> Xen guests

I do have two questions:

First, I've noticed that on most bridging HOWTO's they state that eth0
should be set to, however I've noticed that on my machine it
is configured with an IP (via the distribution init scripts) and that
xen-br0 simply copies its IP.  Is this normal ?

Also, I've noticed that when I do run a xen guest, it creates a
network port to do whatever it does.  My concern is that I've noticed
I can reach this port from the outside world and I assume that may be
a security risk.  So I was wondering are there iptable scripts to lock
down a xen machine ? or a bridging setup ?

I don't understand too much about this bridging networking, so I
wouldn't really know how to go about creating an iptables script for
the host.



Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.