[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Firewalling Xen?

  • To: "Simon Hobson" <linux@xxxxxxxxxxxxxxxx>
  • From: "Grant McWilliams" <grantmasterflash@xxxxxxxxx>
  • Date: Mon, 15 Dec 2008 12:43:14 -0800
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 15 Dec 2008 12:43:58 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=dYPawcBQpJ/G9OxSbyg6CMcDHQKI4B5XadmYCtMHRc4IRXXcAltbRnM2NNbUE0g/CE CgMjcMcJiv/TdKlIRDGKUnwBdNSc0p7UnJm/OKErt1oUvdXuhH4FUlIvCxHRSplbVRHA mVrTJmfJBWDiHDHVv586KmI1KGVakHlrtfqO0=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>


I have another server that is setup something similar to your setup. I hand crafted an init file to configure a few iptables rules to protect Dom0 - it's pointless trying to run a full firewall as a) I'm not sure anyone really understands networking fully under Xen, and b) the network keeps changing when guests start or stop.



--
Simon Hobson


The one thing that I'd like to say is that if all your DomUs have static IPs you can firewall them just like a firewall protecting any other NATed private network. If they're dynamic you're got some issues.


Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.