[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Force traffic out one interface

To: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
Date: Sun, 13 Jun 2010 23:02:24 +0700
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 13 Jun 2010 09:05:20 -0700
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Sun, Jun 13, 2010 at 10:45 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> Hi Everyone,
>
> Does anyone know any rules that I could use (using iptable, ebtables, or
> otherwise) that could force all traffic coming from a guest to go out via a
> particular interface? I wish to stop "inter-guest" communication, without
> going via my firewall first.

IIRC Xen bridged networking by default passes domU traffic through the
bridge on dom0 (even for inter-guest communications). Try setting up
some rules there (i.e. make dom0 your firewall).

If you want to use an external firewall (not in dom0), then no, I
don't know of any way to do that.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Force traffic out one interface
  - From: Jonathan Tripathy

References:
- [Xen-users] Force traffic out one interface
  - From: Jonathan Tripathy

Prev by Date: Re: [Xen-users] Bridge rules
Next by Date: Re: [Xen-users] Force traffic out one interface
Previous by thread: Re: [Xen-users] Force traffic out one interface
Next by thread: Re: [Xen-users] Force traffic out one interface
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.