WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

RE: [Xen-users] Xen 3.3 bridged-networking

To: "Maximilian W. Zeller" <mawize@xxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] Xen 3.3 bridged-networking
From: "James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date: Mon, 24 Nov 2008 20:31:58 +1100
Cc:
Delivery-date: Mon, 24 Nov 2008 01:32:35 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <b2f21c20811240120r56eb9c5dg1deb6fca138910b0@xxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <b2f21c20811240120r56eb9c5dg1deb6fca138910b0@xxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclOFgLesBR5Lr8YQpaEQzz76MbE2QAAVFJA
Thread-topic: [Xen-users] Xen 3.3 bridged-networking
> Hi
> 
> I don't quite understand the new xen networking. We use network-bridge!
> Everything works fine except that an iptables firewall on dom0 blocks all
> my domU. In my firewall settings I use eth0. I figured out that eth0 is
> the bridge but where is the interface for dom0? I want my firewall setting
> to only apply to dom0 interface!
> Since there is not anything like vif0.0 I don't know on which interface to
> set up my firewall. Any suggestions how to solve this problem?
> 

Try:
echo 0 >/proc/sys/net/bridge/bridge-nf-call-iptables
echo 0 >/proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 0 >/proc/sys/net/bridge/bridge-nf-call-arptables

That should make the firewall behave a bit more like what you are
expecting.

James
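
An added example, not part of James's message: a POSIX shell check that reports the state of the three switches named above and prints the equivalent sysctl.conf lines, since values written with echo last only until the next reboot. The function names and the BRIDGE_DIR variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the three bridge-netfilter switches from the reply.
# BRIDGE_DIR (an assumption of this example) lets the check run against a
# constructed directory; on a real dom0 the files live in /proc/sys/net/bridge.

KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# Print one "key=value" line per switch. The value is "absent" when the file
# does not exist (bridge netfilter support not loaded on this kernel).
bridge_nf_report() {
    dir="${1:-/proc/sys/net/bridge}"
    for key in $KEYS; do
        if [ -r "$dir/$key" ]; then
            printf '%s=%s\n' "$key" "$(cat "$dir/$key")"
        else
            printf '%s=absent\n' "$key"
        fi
    done
}

# Print how many switches are still 1, i.e. how many of iptables, ip6tables
# and arptables in dom0 still see frames crossing the bridge.
bridge_nf_enabled_count() {
    # grep -c exits non-zero on a count of 0; "|| true" keeps "set -e" happy.
    bridge_nf_report "$1" | grep -c '=1$' || true
}

# Emit the sysctl.conf equivalent of the three echo commands.
bridge_nf_sysctl_fragment() {
    for key in $KEYS; do
        printf 'net.bridge.%s = 0\n' "$key"
    done
}

# Stand-alone run: show the current state of this host.
bridge_nf_report "${BRIDGE_DIR:-/proc/sys/net/bridge}"
```

With all three switches at 0, bridged frames no longer traverse dom0's iptables, ip6tables and arptables chains, so any dom0 rules that were filtering domU traffic stop applying to it.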
