|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Bridge Hopping
On Thu, Jul 15, 2010 at 2:49 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote: > My question was whether the > Dom0 could "forward" packets from one bridge to the other (This is what I > wish to prevent). The 2 bridges that don't have an ip address assigned have > untrusted clients connected to them Under normal circumstances, no. Dom0 would forward traffic from one bridge to another if they have ip address, and dom0 is setup to function as a router. That is, dom0 would treat the bridge the same way as it treats other interface. So if it does not have an IP address on dom0 side, dom0 can't forward traffic from one bridge to another. Note that I said "under normal circumstances". You should be able to make it behave otherwise using things like http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/ , or by creating some userland program that uses libpcap. -- Fajar _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |