WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

RE: [Xen-users] Automatically provisioning IP addresses on a new VM

from [James Harper]

[Permanent Link][Original]

To:	"George Shuklin" <george.shuklin@xxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject:	RE: [Xen-users] Automatically provisioning IP addresses on a new VM
From:	"James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date:	Sun, 21 Nov 2010 10:22:34 +1100
Cc:
Delivery-date:	Sat, 20 Nov 2010 15:23:58 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<1290294376.27972.35.camel@xxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<AANLkTinibYH-UF0txZgkXTmALRQaSvTV60PRkHM0BnFV@xxxxxxxxxxxxxx><AEC6C66638C05B468B556EA548C1A77D01B209AD@trantor><AANLkTimvNemuq3oULs3vuEBKYnZp6fRst_c5DgA0D1mt@xxxxxxxxxxxxxx><AANLkTin1SOEH5EMkHLVh26JTtGncW+28t6M6XFSzk1cc@xxxxxxxxxxxxxx> <1290294376.27972.35.camel@xxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcuJB8UOKlct///eTuaMBzn9BU2jYAAAdfOg
Thread-topic:	[Xen-users] Automatically provisioning IP addresses on a new VM

> 
> В Сбт, 20/11/2010 в 10:41 -0500, Javier Guerra Giraldez пишет:
> > On Sat, Nov 20, 2010 at 9:26 AM, Andrew White <admin@xxxxxxxxxxxxxxx> wrote:
> > > Would you be able to elaborate on dom0 anti-spoofing?
> >
> > simply add a netfilter rule to allow only packets with the intended IP
> > source coming from the vif
> 
> And, migration? And reboot?
> 
> I think, creating correct VM tracking system is not so easy as sound...
> 

You'd script it in the vif scripts, which I think is already done for MAC 
address spoofing.

Even if you decided on some other method than DHCP, your DomU's are still 
untrusted so you still need to restrict at the vif level.

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] Automatically provisioning IP addresses on a new VM, Andrew White RE: [Xen-users] Automatically provisioning IP addresses on a new VM, James Harper Re: [Xen-users] Automatically provisioning IP addresses on a new VM, Andrew White Re: [Xen-users] Automatically provisioning IP addresses on a new VM, Javier Guerra Giraldez Re: [Xen-users] Automatically provisioning IP addresses on a new VM, George Shuklin RE: [Xen-users] Automatically provisioning IP addresses on a new VM, James Harper <= RE: [Xen-users] Automatically provisioning IP addresses on a new VM, James Harper RE: [Xen-users] Automatically provisioning IP addresses on a new VM, Dustin Henning RE: [Xen-users] Automatically provisioning IP addresses on a new VM, Simon Hobson RE: [Xen-users] Automatically provisioning IP addresses on a new VM, Dustin Henning

Previous by Date:	Re: [Xen-users] Automatically provisioning IP addresses on a new VM, George Shuklin
Next by Date:	[Xen-users] Problems with cloned OpenSuse 10.3 guest, Glen
Previous by Thread:	Re: [Xen-users] Automatically provisioning IP addresses on a new VM, George Shuklin
Next by Thread:	RE: [Xen-users] Automatically provisioning IP addresses on a new VM, James Harper
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix