
Re: [Xen-users] vif-antispoof



Hi Mats,

Mats Engstrom wrote:

Hi Dirk,
I also had problems getting it to work when I tried it some months ago. As
far as I can remember I had just the same symptoms as you.
In order to have the iptables correctly set up by vif-bridge in
antispoof-mode the kernel must have the physdev option in the netfilter
section enabled and/or loaded as a module. When compiled into the kernel the
line in the .config file should look like this:
CONFIG_IP_NF_MATCH_PHYSDEV=y
After recompiling and installing a new Dom0-kernel it worked just fine.

Yes, you are right, that's it. Thanks!

But one more question: How did you find out THAT? I am not really into netfilter yet, and there is no hint in the docs I found.

Ah, and still one more question: Did you test/do you know if the antispoof feature prevents IP spoofing only or ARP spoofing as well?

Dirk

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
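
A quick way to check a Dom0 kernel config for the option discussed in this thread, added here as an example (not part of either poster's message). The function name `kconfig_state` and the sample config lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). kconfig_state FILE [SYMBOL] prints:
#   builtin | module | disabled | missing | unreadable
kconfig_state() {
    cfg=$1
    # Default is the option named in the thread; pass another symbol as $2
    # (later kernels name it CONFIG_NETFILTER_XT_MATCH_PHYSDEV).
    sym=${2:-CONFIG_IP_NF_MATCH_PHYSDEV}
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    case $cfg in
        *.gz) reader='gzip -dc' ;;   # e.g. /proc/config.gz
        *)    reader='cat' ;;
    esac
    # Match whole lines only, so a longer symbol with the same prefix
    # is never mistaken for the one asked about.
    $reader "$cfg" | awk -v s="$sym" '
        $0 == (s "=y")               { st = "builtin" }
        $0 == (s "=m")               { st = "module" }
        $0 == ("# " s " is not set") { st = "disabled" }
        END { print (st == "" ? "missing" : st) }'
}

# Constructed sample config, used only to demonstrate the function.
sample=$(mktemp)
printf '%s\n' 'CONFIG_NETFILTER=y' 'CONFIG_IP_NF_MATCH_PHYSDEV=m' \
    '# CONFIG_IP_NF_MATCH_OWNER is not set' > "$sample"
echo "sample: $(kconfig_state "$sample")"
rm -f "$sample"

# On a real Dom0, check whichever config file the distribution ships.
for f in /proc/config.gz "/boot/config-$(uname -r)"; do
    if [ -r "$f" ]; then
        echo "$f: $(kconfig_state "$f")"
    fi
done
```

A result of `module` means the match still has to be loaded before vif-bridge sets up its iptables rules; `disabled` or `missing` means the Dom0 kernel needs rebuilding as described above.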

