Xen project Mailing List

[Xen-users] Securing the host's networking ?

To: xen-users@xxxxxxxxxxxxxxxxxxx, dana.lux@xxxxxxxxx

Date: Mon, 16 May 2005 10:17:34 -0400

Delivery-date: Mon, 16 May 2005 14:17:04 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=B3+jfMVw7f2+yiw+6jZfzTJswNBBP+RYmdrRvR0zsqC/olAQXm1yoisgYJ/sr5ZVwfUg0vSIK1sGRFRpMMc8n6B7amc0QHKTKEyiCYp0NaVY5raifb6822axIhtaSlRikRExJBgQOQ7RSeEMGr74YulfktpOC6boOV9LMyNAIYA=

List-id: Xen user discussion <xen-users.lists.xensource.com>

Hey folks I have installed Xen on a machine and everything works so amazingly well. I can run ttylinux and some of those premade distribution images. My networking setup is very simple and is as follows: Internet <---> eth0 <---> xen-br0 <----> Xen guests I do have two questions: First, I've noticed that on most bridging HOWTO's they state that eth0 should be set to 0.0.0.0, however I've noticed that on my machine it is configured with an IP (via the distribution init scripts) and that xen-br0 simply copies its IP. Is this normal ? Also, I've noticed that when I do run a xen guest, it creates a network port to do whatever it does. My concern is that I've noticed I can reach this port from the outside world and I assume that may be a security risk. So I was wondering are there iptable scripts to lock down a xen machine ? or a bridging setup ? I don't understand too much about this bridging networking, so I wouldn't really know how to go about creating an iptables script for the host. Thanks!! Dana _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.