[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Iptables and antispoof?

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: "Ulrich Windl" <ulrich.windl@xxxxxxxxxxxxxxxxxxxx>
Date: Mon, 26 Feb 2007 09:44:25 +0100
Delivery-date: Mon, 26 Feb 2007 00:44:34 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>
Priority: normal

On 23 Feb 2007 at 18:49, Larry Ludwig wrote:

> Hi,
> 
> How can we get antispoof to work correctly?  I can still assign any ip
> address in domU
> 
> The goal is is to prevent domU instances from using IP address assigned to
> other customers.

I'm afraid a user can do to a virtual box what he can do to a real box. Normal 
UNIX users cannot assign IP adresses. Root can do. Root is responsible for the 
machine. What should XEN do about that?

Regards,
Ulrich


> 
> (network-script network-bridge vifnum=0 netdev=eth0 bridge=xenbr0
> antispoof=yes)
> (vif-antispoof yes)
> 
> Is in the xend-config.sxp file and using FC6 rpms.
> 
> Please help..
> 
> -L
>  
> --
> Larry Ludwig
> 
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] Iptables and antispoof?
  - From: Larry Ludwig

Prev by Date: Re: [Xen-users] SWAP on domUs is not mounted.
Next by Date: Re: [Xen-users] SWAP on domUs is not mounted.
Previous by thread: [Xen-users] Iptables and antispoof?
Next by thread: Re: [Xen-users] Iptables and antispoof?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.