WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] Firewalls

On Saturday 15 April 2006 04:53, Dick Davies wrote:
> > Tom Eastep <teastep@xxxxxxxxxxxxx> wrote:
> > > When xend starts,
> > > it creates a bridge (xenbr0) through which all traffic into and out
> > > of eth0 flows. See the first part of
> > > http://www.shorewall.net/Xen.html for details.
>
> Thanks for the link Tom.
>
> Is this why I can't reuse my existing iptables rules in dom0?
> I assumed the stock xen3.0.1 dom0 kernel was missing some modules.

The reason that you can't use your existing iptables rules in a Xen dom0 is 
that the networking configuration after xend starts is different from the 
environment before xend starts (there is a bridge added and traffic passing 
through that bridge is visible to netfilter; there are also additional 
interfaces added but those interfaces have no IP configuration so they don't 
present a compatibility problem).

In short, you cannot expect an existing set of iptables rules to work after 
you make a significant change to the network configuration of the host.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@xxxxxxxxxxxxx
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users