WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] Firewalling Xen?

To: "Simon Hobson" <linux@xxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Firewalling Xen?
From: "Grant McWilliams" <grantmasterflash@xxxxxxxxx>
Date: Mon, 15 Dec 2008 12:43:14 -0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 15 Dec 2008 12:43:58 -0800


I have another server that is set up something similar to your setup. I hand-crafted an init file to configure a few iptables rules to protect Dom0 - it's pointless trying to run a full firewall as a) I'm not sure anyone really understands networking fully under Xen, and b) the network keeps changing when guests start or stop.



--
Simon Hobson


The one thing that I'd like to say is that if all your DomUs have static IPs you can firewall them just like a firewall protecting any other NATed private network. If they're dynamic you've got some issues.


Grant McWilliams

Some people, when confronted with a problem, think "I know, I'll use Windows."
Now they have two problems.