WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] Re: Blocking DomU NetBios

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Re: Blocking DomU NetBios
From: Ligesh <myself@xxxxxxxxxx>
Date: Thu, 14 Feb 2008 21:30:56 +0530
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
Delivery-date: Thu, 14 Feb 2008 07:35:56 -0800
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=private; d=ligesh.com; b=PTDMALKss2OdoGSGumjQ7zAn6bif3snHYM3f7Z/46C6D5SL3mVNuH+k/9nFVItBX;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20080213185945.GO3692@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20080211235857.GA5298@xxxxxxxxxx> <47B0DDA4.8010609@xxxxxxxxxx> <20080212113818.GA19475@xxxxxxxxxx> <20080213120141.GA30857@xxxxxxxxxx> <20080213185945.GO3692@xxxxxxxxxxx>
Reply-to: Ligesh <myself@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11)
On Wed, Feb 13, 2008 at 06:59:45PM +0000, Andy Smith wrote:
> You need to use --physdev since this is a bridge.

Thanks a lot for the answer. The problem is that I am not seeing any packet at 
all going through in the forward chain.

And iptables -L -v returns this:

----------------------------------
Chain INPUT (policy ACCEPT 2158K packets, 2210M bytes)
 pkts bytes target     prot opt in     out     source               destination

 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     anywhere             anywhere    
        PHYSDEV match --physdev-in vifxenv0
  0     0 DROP       all  --  any    any     anywhere             anywhere      
      PHYSDEV match --physdev-in vifxenv0

Chain OUTPUT (policy ACCEPT 1508K packets, 590M bytes)
pkts bytes target     prot opt in     out     source               destination
--------------------------

I have tried completely blocking all traffic to and from the domU, but there 
isn't any thing there to block. Also, in the case of HVM, the actual device 
seems to be tapN, rather than the device vifN.0. Even though the latter is 
present, the ifconfig shows its traffic as 0, and the traffic is actually going 
via the 




> You might also consider using routed networking instead.

 Routed Networking is not an option, since unlike in the case of linux, the 
windows domUs work via dhcp. and DHCP will not work on routed networking.

 Thanks again.




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users