|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] Re: Blocking DomU NetBios
On Wed, Feb 13, 2008 at 06:59:45PM +0000, Andy Smith wrote:
> You need to use --physdev since this is a bridge.
Thanks a lot for the answer. The problem is that I am not seeing any packet at
all going through in the forward chain.
And iptables -L -v returns this:
----------------------------------
Chain INPUT (policy ACCEPT 2158K packets, 2210M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere
PHYSDEV match --physdev-in vifxenv0
0 0 DROP all -- any any anywhere anywhere
PHYSDEV match --physdev-in vifxenv0
Chain OUTPUT (policy ACCEPT 1508K packets, 590M bytes)
pkts bytes target prot opt in out source destination
--------------------------
I have tried completely blocking all traffic to and from the domU, but there
isn't any thing there to block. Also, in the case of HVM, the actual device
seems to be tapN, rather than the device vifN.0. Even though the latter is
present, the ifconfig shows its traffic as 0, and the traffic is actually going
via the
> You might also consider using routed networking instead.
Routed Networking is not an option, since unlike in the case of linux, the
windows domUs work via dhcp. and DHCP will not work on routed networking.
Thanks again.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |