
Re: [Xen-users] Firewalling Xen?


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Stephen Liu <satimis@xxxxxxxxx>
  • Date: Wed, 17 Dec 2008 09:03:21 +0800 (CST)
  • Delivery-date: Tue, 16 Dec 2008 17:04:03 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

--- Grant McWilliams <grantmasterflash@xxxxxxxxx> wrote:

> Grant McWilliams
> 
> Some people, when confronted with a problem, think "I know, I'll use
> Windows."
> Now they have two problems.
> 
> 
> 
> On Tue, Dec 16, 2008 at 9:01 AM, Thomas Goirand <thomas@xxxxxxxxxx>
> wrote:
> 
> > lists@xxxxxxxxxxxxx wrote:
> > > I'm wondering how to set up a firewall for Dom0 when all traffic for the
> > > DomUs go 'through' it.
> >
> > Hi,
> >
> > as we do commercial VPS hosting with xen and our own open source
> > management interface, we have designed a small anti-DoS firewall to
> > set up in your dom0. It does nothing spectacular, but it helps against
> > ssh dictionary attacks, and other very common flood types that might
> > hurt your server: ping, syn, etc.
> >
> > http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen.init;h=5e4df2e46e3a872a2d73ada77e24e8bb242f8b6b;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa
> >
> > I'd be happy to have contributions in this small script that is by the
> > way very simple to extend (just add a few functions for yourself and
> > share, then anybody can enable/disable them with ease).
> >
> > Thomas
> >
> >
> Don't you mean this ;-)
>
> http://git.gplhost.com/gitweb/?p=dtc-xen.git;a=blob;f=debian/dtc-xen-firewall.init;h=16139921d6efd6fc2e407f7d80b11fae97befdf9;hb=a75a32b23d6dde71dc684045b3c2e7051c30e6fa
> 
> A bit off topic but can dtc-xen control its users in a way that you can
> assign an admin per VM? What I'm looking for is to have each student manage
> his and only his domU.
> 
> Grant McWilliams


Hi folks,


Just came across this thread.  The setup of the Xen box here is as
follows:


Dom0 - a workstation for remote setup/config DomU
DomU1 - mail server for routing (headless)
DomU2 - mail server for domain1 (headless)
DomU3 - mail server for domain2 (headless)
DomU4 - mail server for domain3 (headless)
etc.


Firewall is only running on domU1.  I'm running virtual domains, with
all domains pointing at the same public IP (one public IP).  All ports
on the router are forwarded to the local IP of DomU1.  Do I need to have
a firewall installed on each DomU?  TIA


B.R.
Stephen L


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

