WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] Antispoof and HVM

from [Andrey] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Antispoof and HVM
From: Andrey <basketboy@xxxxx>
Date: Sun, 28 Feb 2010 23:58:35 +0300
Delivery-date: Sun, 28 Feb 2010 13:00:43 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.23 (X11/20090817) 
Hello,

Does antispoof mechanism work in network-bridge with HVM domUs?
It seems no. There are the following iptables rules that were added after starting hvm domU with FreeBSD: 

:INPUT ACCEPT [3126:359694]
:FORWARD DROP [974:187815]
:OUTPUT ACCEPT [973:266082]

-A FORWARD -m physdev  --physdev-in peth1 -j ACCEPT
-A FORWARD -m physdev  --physdev-in vif60.0 -j ACCEPT
peth1 is the physical interface on domO which is connected to eth1 bridge, vif60.0 is domU interface. After starting hvm domU it is inacessible via network.
If I change default policy of FORWARD policy to accept everything is fine. With PV domUs current antispoof scheme works fine. 

Where is the problem?

With regards, Andrey

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] xen pv-ops kernel and CentOS 5, David Gonzalez
Next by Date:  Re: [Xen-users] Antispoof and HVM [SOLVED], Andrey
Previous by Thread:  [Xen-users] xen pv-ops kernel and CentOS 5, David Gonzalez
Next by Thread:  Re: [Xen-users] Antispoof and HVM [SOLVED], Andrey
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy