xen-users
[Xen-users] Filtering traffic to Xen guest machines
Hello.
I've just started using Xen. My configuration is plain simple: I've got a
CentOS 5 host with Xen and a single virtual machine which also uses CentOS 5.
Both of them have real IPs of the same real network.
Now, I have to delegate the server administration to an external company which
I don't trust, so I'd want to filter any connection started by the virtual
machine.
The idea is that everyone outside can connect to that virtual IP, but any
connection attempt from the guest OS which isn't part of an already
established communication is dropped.
As far as I've seen, I should do it with ebtables, as the guest IP address is
part of a bridge in the host machine. In fact, I've tried using simple
restrictions, using --ip-source or --ip-destination, and it works.
The point is that ebtables doesn't have an option to check for SYN headers, so
I can't check if a packet is trying to establish a new communication or not.
I can do it with iptables, but it doesn't work as I'm trying to filter traffic
within a bridge.
Can anybody please give me some advice? Thanks in advance, and sorry for my
bad English :)
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
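
Added example, not part of the original post: one way to express the policy described above (inbound connections allowed, guest-initiated ones dropped) is to let iptables see bridged frames through bridge netfilter and match the guest's backend interface with the physdev module. The interface name vif1.0, the log prefix and the function name are assumptions for illustration; the function only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: the guest's backend interface in dom0 follows Xen's
# vif<domid>.<devid> naming (vif1.0 here is a placeholder), and the
# dom0 kernel has bridge netfilter and connection tracking available.

# Print, without applying, the rules that restrict one guest interface.
guest_egress_rules() {
    vif="$1"

    # Accept only names of the form vif<number>.<number>, so the value
    # cannot smuggle extra shell or iptables arguments into the output.
    if ! printf '%s' "$vif" | grep -Eq '^vif[0-9]+\.[0-9]+$'; then
        echo "unexpected interface name: $vif" >&2
        return 1
    fi

    cat <<EOF
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -A FORWARD -m physdev --physdev-in $vif -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $vif -p tcp --syn -j LOG --log-prefix "guest-new-conn: "
iptables -A FORWARD -m physdev --physdev-in $vif -j DROP
EOF
}

# What each printed line does:
#  1. makes bridged IPv4 frames traverse the iptables chains
#  2. lets the guest answer connections that were opened from outside
#     (its replies are ESTABLISHED in the connection-tracking table)
#  3. logs TCP SYNs sent by the guest, i.e. new outbound attempts
#  4. drops everything else entering the bridge from the guest,
#     which also covers its outbound UDP such as DNS lookups
```

Traffic addressed to the guest enters the bridge from the physical port, so it does not match `--physdev-in` for the guest interface and is left to the chain's existing policy. Frames from the guest to dom0's own address traverse INPUT rather than FORWARD, so the same matches would be needed there to cover that path.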
- [Xen-users] Filtering traffic to Xen guest machines,
javier . prieto . ext <=