Xen project Mailing List

Hi Todd,

Yes, that’s interesting… but ARP spoofing sounds a bit of a hack, and I’m sure I can get the bridge to act as a hub for one of the DomU’s incoming packets, which is really what I basically need to achieve. ARP spoofing may work but may be inappropriate for a production environment.

I tried modifying Dom0’s iptables entries yesterday without much success. I basically have:

[root@pstnserver ~]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT udp -- anywhere anywhere udp dpt:domain

ACCEPT tcp -- anywhere anywhere tcp dpt:domain

ACCEPT udp -- anywhere anywhere udp dpt:bootps

ACCEPT tcp -- anywhere anywhere tcp dpt:bootps

Chain FORWARD (policy ACCEPT)

target prot opt source destination

ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED

ACCEPT all -- 192.168.122.0/24 anywhere

ACCEPT all -- anywhere anywhere

REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif1.0

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif1.1

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif2.1

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif2.0

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif3.0

ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif3.1

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

[root@pstnserver ~]#

The DomU I want to have get all packets uses vif3.0 so I was hoping that if I modify the appropriate entry it would work. Problem is I don’t know at this stage what I should modify it to ;) (not much of an iptables person myself). I suspect I may need to turn ipv4 forwarding on on Dom0 too.

Any ideas?

Thanks, Paul

From: Todd Deshane [mailto:deshantm@xxxxxxxxx]
Sent: sábado, 02 de febrero de 2008 3:04
To: Paul Nader
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal

On Jan 31, 2008 5:24 PM, Paul Nader <paul.nader@xxxxxxxxx> wrote:

Hi,

I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2

The scenario:

I'm trying to capture packets on Dom2 on 192.168.0.x from external devices that are sending SIP stuff to Dom1, but fail to capture any packets. I can only capture them if I run tethereal on Dom1. I'm setting the interface to collect in promiscuous mode, enabled all protocols, etc.

I can however capture ICMP and ARP packets on Dom2 on 192.168.0.x when I ping Dom1.

Is there anything I need to do to make the bridge assigned to 192.168.0.x relay _all_ packets to _all_ DomUs?

I'm not sure if there is a direct way to do this. If I was you I would looking into brctl and also find out if the bridge can be made to act like a hub.

I wonder if ARP spoofing [1] (i.e. an arp bomb) as suggested in [2] could work?

[1] http://en.wikipedia.org/wiki/ARP_spoofing
[2] http://lists.xensource.com/archives/html/xen-users/2005-04/msg00284.html

Thanks for any help,

Paul.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

RE: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal