
[Xen-users] dom0 firewall + domU virtual eth0:1



Hi again,

Is there a guide/wiki/howto for doing safe firewalling in dom0 ?

I have a domU which has two IPs.
It is configured like this in its config file:

nics = 2
vif = [ 'ip=1.2.3.70' , 'ip=1.2.3.71' ]
gateway = "1.2.3.1"
netmask = "255.255.255.0"

ifconfig in domU shows both eth0 (1.2.3.70) and eth0:1 (1.2.3.71)
configured OK.

'brctl show' in dom0 shows

bridge name     bridge id               STP enabled     interfaces
xen-br0         8000.006002123a08       no              eth0
                                                        vif1.0
                                                        vif1.1
                                                        vif2.0

My problem is I want to run iptables in dom0 to do some firewalling.
With just a single eth0 in domU this seems fine. But if I add another
virtual eth0:1 in domU, and then start up the firewall in dom0, the
networking in domU fails. It's like the bridging fails.

I notice 'xm create' puts the following iptables entries in

ACCEPT     all  --  1.2.3.70  anywhere  PHYSDEV match --physdev-in vif1.0
ACCEPT     udp  --  anywhere  anywhere  PHYSDEV match --physdev-in vif1.0 udp spt:bootpc dpt:bootps
ACCEPT     all  --  1.2.3.71  anywhere  PHYSDEV match --physdev-in vif1.1
ACCEPT     udp  --  anywhere  anywhere  PHYSDEV match --physdev-in vif1.1 udp spt:bootpc dpt:bootps

but if I restart iptables, or add any other rules, the bridging fails.

Can anyone give any advice on how to do iptables firewalling in dom0
that won't affect the domU virtual interface bridging?

Thanks
Paul

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
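The script below is an added example, not from the post or from the Xen project's own vif scripts: it keeps the per-vif antispoof rules that `xm create` installs in a dedicated chain, so reloading the admin's own dom0 firewall never flushes them (a script that flushes FORWARD, or sets its policy to DROP while bridged frames are being passed to iptables, is a common way to get exactly the breakage described). The chain name XEN_VIF and the IPT variable are assumptions; the vif names, guest addresses and bridge come from the post.

```shell
#!/bin/sh
# Added example, not from the original post: keep the per-vif antispoof
# rules in their own chain (assumed name XEN_VIF) so that reloading the
# admin's own dom0 firewall never flushes them. Bridge xen-br0, the vif
# names and the guest IPs are taken from the post.

# Print the rules for one vif, one rule per line. The guest may only send
# frames carrying its assigned source IP, plus DHCP client->server so it
# can still obtain a lease. This mirrors the entries xm create adds.
vif_rules() {
    vif="$1"; ip="$2"
    printf '%s\n' \
      "-A XEN_VIF -m physdev --physdev-in $vif -s $ip -j ACCEPT" \
      "-A XEN_VIF -m physdev --physdev-in $vif -p udp --sport 68 --dport 67 -j ACCEPT"
}

# Print the whole chain for "vif:ip" pairs. Anything else entering the
# bridge from a vif is dropped, which stops one guest from spoofing
# another's address; frames arriving from eth0 do not match the vif+ rule
# and return to FORWARD for the admin's usual rules.
vif_ruleset() {
    for pair in "$@"; do
        vif_rules "${pair%%:*}" "${pair#*:}"
    done
    printf '%s\n' "-A XEN_VIF -m physdev --physdev-in vif+ -j DROP"
}

# Bridged frames only traverse FORWARD while bridge-nf is on; with it off
# the physdev rules match nothing, with it on a DROP policy in FORWARD cuts
# the guests off unless their traffic is explicitly accepted.
bridge_nf_enabled() {
    [ "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null)" = 1 ]
}

# Rebuild only the XEN_VIF chain and hook it at the top of FORWARD.
# Set IPT=echo to preview the iptables commands without applying them.
apply_vif_ruleset() {
    IPT="${IPT:-iptables}"
    $IPT -N XEN_VIF 2>/dev/null || true   # create once; "already exists" is fine
    $IPT -F XEN_VIF
    vif_ruleset "$@" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        $IPT $rule
    done
    $IPT -D FORWARD -j XEN_VIF 2>/dev/null || true   # no duplicate hooks on reload
    $IPT -I FORWARD 1 -j XEN_VIF
}
```

For the two-address guest in the post, run `apply_vif_ruleset vif1.0:1.2.3.70 vif1.1:1.2.3.71` as root with bridge-nf enabled (`bridge_nf_enabled` checks /proc/sys/net/bridge/bridge-nf-call-iptables). If your FORWARD policy is DROP, also accept the frames going from eth0 towards the guests, for example with `-m physdev --physdev-out vif+`, or the guests still lose connectivity.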
