WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Domain0 and firewalls

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Domain0 and firewalls
From: David Koski <david@xxxxxxxxxxxxxxxx>
Date: Wed, 22 Feb 2006 08:48:07 -0800
Delivery-date: Wed, 22 Feb 2006 16:48:56 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8.2
I am trying to configure a firewall (shorewall) for Domain0 and
found this document:

http://www.shorewall.net/Xen.html

I had tried to simply install shorewall as I have done many times
before on non-Xen systems but could not get traffic through the
interfaces (eth0, eth1).

The document above seems to imply that both eth0 and xenbr0
interfaces have to be configured. All I am interested in is
controlling traffic to and from Domain0, not the domUs. I want
shorewall installed on each domU. Anyone have experience with
this? Do domUs have special considerations when installing
iptables rules? Can I use iptables in Domain0 on eth0 like a
non-Xen system?

Regards,
David Koski
david.nospham@xxxxxxxxxxxxxxxx



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>