Re: [Xen-users] vif-antispoof
- To: xen-users@xxxxxxxxxxxxxxxxxxx
- From: Mats Engstrom <mats.engstrom@xxxxxxxxx>
- Date: Tue, 1 Nov 2005 23:31:08 +0100
- Delivery-date: Tue, 01 Nov 2005 22:28:19 +0000
- List-id: Xen user discussion <xen-users.lists.xensource.com>
Hi Dirk,
I also had problems getting it to work when I tried it some months ago. As far as I can remember I had just the same symptoms as you.
In order to have the iptables correctly set up by vif-bridge in antispoof mode, the kernel must have the physdev option in the netfilter section enabled and/or loaded as a module. When compiled into the kernel, the line in the .config file should look like this: CONFIG_IP_NF_MATCH_PHYSDEV=y
After recompiling and installing a new Dom0 kernel it worked just fine.
On 11/1/05, Dirk H. Schulz <dirk.schulz@xxxxxxxxxxxxx> wrote:
Hi folks,
I started testing the antispoof feature of xen stable (2.0.7). I am stuck with it.
I have setup a standard bridged environment.
I understood it like this: in domU config I set up the virtual NIC like
vif = [ 'mac=ae:00:00:78:78:78, ip=192.168.0.100' ]
Then I configure /etc/network/interface of this domU to show the same IP address for eth0.
After restarting the physical machine with xend-config.sxp saying (vif-antispoof yes)
the domU should still be able to reach everything like it did before.
But it does not. From domU I can ping the bridge it is connected to (that is, eth0 of dom0), but I cannot ping any other host on the same subnet the physical machine is on nor any host on the internet.
There is something I am overlooking, right?
Any hint or help would be greatly appreciated. I have googled and looked in the docs, but found nothing.
Dirk
_______________________________________________ Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
-- Mats Engstrom, Nerdlabs Consulting,
http://www.nerdlabs.se
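A way to check the kernel option named in the reply above before enabling (vif-antispoof yes), as an added example that is not part of the original thread. The function names and sample fragments are hypothetical; it also accepts CONFIG_NETFILTER_XT_MATCH_PHYSDEV, the name later kernels use for the same match, and assumes the config is exposed at /proc/config.gz or /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example: report how the netfilter physdev match is configured.
# CONFIG_IP_NF_MATCH_PHYSDEV is the option named in the message above;
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is the later name for the same match.

# physdev_state: read kernel config text on stdin,
# print one of: builtin | module | missing
physdev_state() {
    awk -F= '
        /^CONFIG_(IP_NF|NETFILTER_XT)_MATCH_PHYSDEV=/ {
            if ($2 == "y") { state = "builtin" }
            else if ($2 == "m" && state != "builtin") { state = "module" }
        }
        END { print (state == "" ? "missing" : state) }
    '
}

# find_kernel_config: print the running kernel's config, if it is exposed.
find_kernel_config() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# check_dom0: run in dom0; succeeds only if the physdev match is available.
check_dom0() {
    cfg=$(find_kernel_config) || { echo "unknown"; return 2; }
    state=$(printf '%s\n' "$cfg" | physdev_state)
    echo "$state"
    [ "$state" != "missing" ]
}

# Constructed sample fragments (not taken from any real dom0).
SAMPLE_OK='CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_PHYSDEV=y'
SAMPLE_BAD='CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_PHYSDEV is not set'

printf '%s\n' "$SAMPLE_OK"  | physdev_state
printf '%s\n' "$SAMPLE_BAD" | physdev_state
```

Call `check_dom0` in dom0; a result of `missing` matches the situation described in the reply, where the antispoof rules could not be set up until the kernel was rebuilt with the option enabled.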