xen-users
Re: [Xen-users] Re: number of ips
Hi David,
 
 It's working perfectly now.
 Attached is the actual working vif-bridge script. I hope it helps others as well. Branko will be posting a new diff on his website, which will work with centos5.3 as well. 
 2009/4/17 David <admin@xxxxxxxxxxx> 
You have cut+paste errors,
 --arp-opcode not –arp-opcode
 
 --ip-src not –ip-src
 
 
 
 2009/4/17 Anand Gupta <xen.mails@xxxxxxxxx> 
Hi David,
 As I mentioned, the patch doesn't work with centos5.3+xen. Hence, looking at the patch, I hand-edited the file. The same was posted in an earlier mail sent in this thread. Here it is again:
 
 
diff -u vif-bridge vif-bridge-custom  
--- vif-bridge	2009-04-14 23:35:08.000000000 -0400 
+++ vif-bridge-custom	2009-04-15 00:01:08.000000000 -0400 
@@ -57,15 +57,37 @@ 
     online) 
 	setup_bridge_port "$vif" 
 	add_to_bridge "$bridge" "$vif" 
+	ebtables -N $vif 
+	ebtables -P $vif DROP 
+	ebtables -A INPUT -i $vif -j $vif 
+	ebtables -A FORWARD -i $vif -j $vif 
+	ebtables -A $vif -p ARP –arp-opcode 1 -j ACCEPT 
+ 
+	if [ ! -z "$ip" ] 
+	then 
+	for oneip in $ip 
+	do 
+	ebtables -A $vif -p IPv4 –ip-src $oneip -j ACCEPT 
+	ebtables -A $vif -p IPv4 –ip-dst $oneip -j ACCEPT 
+	ebtables -A $vif -p ARP –arp-opcode 2 –arp-ip-src $oneip -j ACCEPT 
+	done 
+ 
+	ebtables -A $vif --log-prefix="arp-drop" --log-arp -j DROP 
+ 
+	fi 
         ;; 
  
     offline) 
         do_without_error brctl delif "$bridge" "$vif" 
         do_without_error ifconfig "$vif" down 
+	do_without_error ebtables -D INPUT -i $vif -j $vif 
+	do_without_error ebtables -D FORWARD -i $vif -j $vif 
+	do_without_error ebtables -F $vif 
+	do_without_error ebtables -X $vif 
         ;; 
 esac 
  
-handle_iptable 
+#handle_iptable 
  
 log debug "Successful vif-bridge $command for $vif, bridge $bridge." 
 if [ "$command" == "online" ]
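Review bot: the four added rules in the online) branch that carry `–arp-opcode`, `–ip-src`, `–ip-dst` and `–arp-ip-src` use an en dash where ebtables expects `--`, so ebtables will not parse them as options and the per-vif chain is left with policy DROP and none of its ACCEPT rules; retype them as `--arp-opcode`, `--ip-src`, `--ip-dst` and `--arp-ip-src`. Separately, the `-p ARP –arp-opcode 1 -j ACCEPT` rule sits outside the `for oneip` loop and accepts ARP requests with any sender address, unlike the opcode 2 rule, which is pinned with `–arp-ip-src $oneip`; consider moving it into the loop with the same sender-IP match. `$vif` and `$oneip` should also be quoted, and the switch from `handle_iptable` to `#handle_iptable` deserves a comment saying why the iptables handling is disabled.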
When I try to start the domU, I just get an error message:
 
Error: Device 0 (vif) could not be connected. /etc/xen/scripts/vif-bridge-custom failed; error detected. 
 Now I looked at all the log files, can't seem to find any error.
2009/4/17 David <admin@xxxxxxxxxxx> 
Did you apply the patch?
 After you start a DomU, what does ebtables --list say?
 
 
 2009/4/16 Anand Gupta <xen.mails@xxxxxxxxx> 
So no solution for me to stop users from using any IP address inside their domU, if I use centos? :(
 
 2009/4/16 David <admin@xxxxxxxxxxx> 
Yes, I have a 64-bit kernel and the 64-bit package. Switched to debian5 instead.
On Thu, Apr 16, 2009 at 9:58 AM, Rafał Kupka <rkupka+Listy.Xen@xxxxxxxxxxxxx>  wrote:
 On Wed, Apr 15, 2009 at 10:16:22PM +0100, David wrote:

 Hello,

 > [root@monaghan ~]# ebtables -N new
 > The kernel doesn't support a certain ebtables extension, consider
 > recompiling your kernel or insmod the extension.
 > [root@monaghan ~]# dmesg | tail
 > kernel msg: ebtables bug: please report to author: entries_size too small

 I remember similar log entry with 32-bit ebtables on 64-bit kernel
 architecture. Check kernel version with "uname -m" and install 64bit
 ebtables rpm if it's x86_64.
 
 Regards,
 Kupson
 --
 Great software without the knowledge to run it is pretty useless.
 (Linux Gazette #1)
 
 _______________________________________________
 Xen-users mailing list
 Xen-users@xxxxxxxxxxxxxxxxxxx
 http://lists.xensource.com/xen-users
 
 
 --
 regards,
 
 Anand Gupta
 
 
--  regards, Anand Gupta
 vif-bridge Description: Binary data