Re: [Xen-users] Problem start iptables - udp broken


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Jaroslaw Zdrzalek <jz@xxxxxxxxxx>
  • Date: Tue, 28 Nov 2006 12:56:44 +0100
  • Delivery-date: Wed, 29 Nov 2006 01:44:56 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On Tuesday 28 November 2006 12:10, Bill Maidment wrote:
> On Tue, 28 Nov 2006 10:22:53 +0100, Abel Martín wrote
> 
> > I forgot to ask you. Are you trying to filter traffic for domU in
> > dom0? If you are trying to do this with iptables and Xen bridged
> > networking it makes no sense, since a bridged device is a link layer
> > device and iptables works above at network and transport layer.
> 
> I hope I'm not hijacking this thread, but what method is recommended to
> firewall the xen0?  Is it illogical to run a bridged network if you want
> to firewall xen0?

The bridge is the most popular approach and it has no or few side effects.
When using network-bridge, each domain has virtual interfaces connected
to a virtual switch. No routing is required, nor special handling like NAT in
the dom0.
The domain0 is like any other domain regarding firewalling:
apply your rules to virtual interfaces (eth0, eth1).
Do not try to filter on pethX or the bridge with little or limited
knowledge.

> Sorry for my ignorance. I'm still learning the ropes.
> Cheers
> Bill
> 
> --
> Bill Maidment
> Maidment Enterprises Pty Ltd
> www.maidment.vu
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 

Cheers
Jaroslaw

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

