WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Anti-IP-spoofing blocks the wrong packets

from [Robin Green] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Anti-IP-spoofing blocks the wrong packets
From: Robin Green <greenrd@xxxxxxxxxxxxx>
Date: Tue, 15 Feb 2005 22:06:03 -0500 (EST)
Delivery-date: Wed, 16 Feb 2005 03:07:12 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
With xen-unstable from 20050207, the anti-IP-spoofing measure does not work. It blocks packets from domU from leaving the host. This is because 
the following iptable was set up by the script on dom0:

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0 ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in eth0
(it is in there twice because I had the rule saved from last time, and the script doesn't detect duplicate rules.) 

Running:

 iptables -P FORWARD ACCEPT

solved the problem.

--
Robin


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Status of save/migrate in xen-2.0.4?, Evan Bigall
Next by Date:  [Xen-devel] RE: [patch ia64] remove duplicate uint64_t definitions, Magenheimer, Dan (HP Labs Fort Collins)
Previous by Thread:  [Xen-devel] Status of save/migrate in xen-2.0.4?, Evan Bigall
Next by Thread:  RE: [Xen-devel] Anti-IP-spoofing blocks the wrong packets, Ian Pratt
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy