Re: [Xen-users] Firewalling Xen?

  • To: "Simon Hobson" <linux@xxxxxxxxxxxxxxxx>
  • From: "Grant McWilliams" <grantmasterflash@xxxxxxxxx>
  • Date: Mon, 15 Dec 2008 12:43:14 -0800
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 15 Dec 2008 12:43:58 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

I have another server that is set up something similar to your setup. I hand-crafted an init file to configure a few iptables rules to protect Dom0 - it's pointless trying to run a full firewall as a) I'm not sure anyone really understands networking fully under Xen, and b) the network keeps changing when guests start or stop.

Simon Hobson

The one thing that I'd like to say is that if all your DomUs have static IPs you can firewall them just like a firewall protecting any other NATed private network. If they're dynamic you've got some issues.

Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.