[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] ip source access policy per domU

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: James Oakley <joakley@xxxxxxxxxxxxxxx>
Date: Tue, 3 Oct 2006 16:55:59 -0300
Delivery-date: Tue, 03 Oct 2006 15:35:43 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Monday 02 October 2006 12:09 pm, Thomas wrote:
> Is there a recommended per guest configuration directive to specify
> the only IP allowed to traverse traffic (ingress/egress) via the
> virtual bridge to the domU?
>
> Current suggestions include MAC based ip access control at the layer
> 3 level, however I'd like to know if there is a more granular method
> of controlling IP based usage per guest, because it now appears that
> all IG/EG traffic over the switch port only sees the MAC address for
> dom0.
>
> E.g. netmask 10.0.0.0/24 limit guest domain to 10.0.0.10 and not
> allow traffic from any other source addresses on this netmask.

Use ebtables on xenbr0:

http://ebtables.sourceforge.net/

-- 
James Oakley
Engineering - SolutionInc Ltd.
joakley@xxxxxxxxxxxxxxx
http://www.solutioninc.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] ip source access policy per domU
  - From: Thomas

Prev by Date: [Xen-users] /usr/sbin/mkinitrd: illegal option -- v
Next by Date: Re: [Xen-users] /usr/sbin/mkinitrd: illegal option -- v
Previous by thread: [Xen-users] ip source access policy per domU
Next by thread: [Xen-users] Memory allocation
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.