[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Xen and IPtables

  • To: Ryan Kennedy <rkennedy@xxxxxxxxxxxxxx>
  • From: James Clemence <jamesvclemence@xxxxxxxxxxxxxx>
  • Date: Thu, 30 Apr 2009 09:27:41 +0100
  • Cc: "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 30 Apr 2009 01:28:32 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=ncJQA1NIpAuTnfcJGxMWJJ9fpsVqk+xf8a8LXmjNLB67HXWddGKHfu5cMYdljZnZc7 92sV3VbRq3hELQKlLOps2eEIm/e+97N/hKcXy73oOhcLPP0ltvmnb8A8Y7K40CQKHH0R QustAUM61eqD7uJ94rU6B5gFNueS0f9/g32ls=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
Sorry, a poor explanation, had a very tired day yesterday!

Basically, I'm using a bridging solution standard xen bridging scripts,

1 physical ethernet card, bridge eth0
1 virtual attached to the bridge peth0
2 domUs, also attached to the bridge, vif1.0 and vif2.0

There are three different IP addresses, one for each virtual interface.

I have been able to filter for the domUs via the forward chain taking out the packets to each domU to a specific chain for that domU, and then handle the packets with ACCEPT/DROP, as per usual.

-m physdev  --physdev-in peth0 --physdev-out vif${DOMUID}.0 -j <DOMU chain>

However, I blanked on where to get hold of the traffic to the dom0? Does that go to FORWARD too? Or does it simply hit INPUT?

Cheers for your help,

J

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.