[Xen-users] Isolating DomU / Networking
Hi
I want to secure/isolate all running DomUs (HVM) against each other,
so no DomU should see (IP-level, MAC/broadcast level) the other DomUs.
I found a patch for the creation of a DomU at
http://www.d7031.de/text/xen_with_lvm_under_etch.shtml
(near the bottom)
It seems that this did not work for me :-(
Regardless of the ebtables rules I could change my IP address and still
could do whatever I wanted in the network.
Therefore I started to dig deeper into the network configuration, which
gave me some more questions:
I pinged between two DomUs (IDs 14 and 16) and watched the traffic with
tcpdump -i $iface -n host $ip1 or host $ip2
and tried to find out which interfaces the traffic crosses.
[root@xen02 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr1          8000.001b78054bee       no              peth1
                                                        tap0
                                                        tap1
                                                        vif14.0
                                                        vif16.0
Here is my result:
Iface      packets seen   expected
----------------------------------
any        double         ~
xenbr1     yes            yes
tap0       yes            no
tap1       yes            no
vif14.0    no             no
vif16.0    no             no
peth1      no             yes
What is most confusing is that I
a) see the packets on tap0 and tap1
b) but see no packets on vif14.0 and vif16.0 ...
Can anyone explain why this is the case?
Best regards
Danny
-------------------------------------------------------------------
DT Netsolution GmbH - Taläckerstr. 30 - D-70437 Stuttgart
Geschäftsführer: Daniel Schwager, Stefan Hörz - HRB Stuttgart 19870
Tel: +49-711-849910-32, Fax: -932 - Mailto:daniel.schwager@xxxxxxxx
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
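The ebtables approach the post is trying to get working, written out as an added example (this is not code from the original post, from the linked d7031.de page, or from the Xen project): one set of rules pins each guest interface to a single MAC and IPv4 address, so changing the guest's IP no longer lets it talk, and a second set forbids any frame entering from a guest port to leave through anything but the uplink, which is the MAC/broadcast-level isolation asked for. The interface names (peth1, tap0, tap1, the tap+/vif+ wildcards) follow the brctl output above; the MAC and IP addresses are constructed placeholders and must be replaced with the real guest addresses. The script only prints the rules unless called with "apply".

```shell
#!/bin/sh
# Added example: generate ebtables rules that pin each Xen guest interface to
# one MAC/IP and block guest-to-guest forwarding on the bridge.
# Interface names come from the brctl output in the post; the MAC and IP
# values below are constructed placeholders, not real guest addresses.

UPLINK=peth1   # physical port of xenbr1

# Rules for one guest interface: drop any frame whose Ethernet source, IPv4
# source or ARP sender address is not the one assigned to that guest.
# Args: guest interface, expected MAC, expected IPv4 address.
guest_rules() {
    iface=$1; mac=$2; ip=$3
    echo "ebtables -A FORWARD -i $iface -s ! $mac -j DROP"
    echo "ebtables -A FORWARD -i $iface -p IPv4 --ip-src ! $ip -j DROP"
    echo "ebtables -A FORWARD -i $iface -p ARP --arp-mac-src ! $mac -j DROP"
    echo "ebtables -A FORWARD -i $iface -p ARP --arp-ip-src ! $ip -j DROP"
}

# Guest isolation: a frame entering from any guest port may only leave through
# the uplink. The bridge runs the FORWARD hook once per output port, so this
# also stops broadcasts from one guest being flooded to the other guests.
isolation_rules() {
    echo "ebtables -A FORWARD -i tap+ -o ! $UPLINK -j DROP"
    echo "ebtables -A FORWARD -i vif+ -o ! $UPLINK -j DROP"
}

# Complete rule set for the two guests in the post (domain 14 on tap0,
# domain 16 on tap1). Addresses are constructed placeholders.
all_rules() {
    guest_rules tap0 00:16:3e:00:00:0e 192.0.2.14
    guest_rules tap1 00:16:3e:00:00:10 192.0.2.16
    isolation_rules
}

# Number of rules a rule-set function emits; useful to check before loading.
rule_count() { "$@" | wc -l | tr -d ' '; }

# "sh isolate.sh" prints the rules for review;
# "sh isolate.sh apply" loads them (needs root and ebtables installed).
case "${1:-print}" in
    apply) all_rules | sh -e ;;
    *)     all_rules ;;
esac
```

Two practical points. First, the pinning rule has to name the port that actually carries the guest's frames: the tcpdump table above shows them on tap0 and tap1 (the emulated NIC of an HVM guest is served by qemu's tap device, while vifN.0 is the paravirtualised path), so rules attached only to vif14.0 and vif16.0 would never match, which is consistent with the "could change my IP address" result. Second, these rules act on forwarded frames only; traffic between a guest and dom0's own IP on xenbr1 passes the INPUT/OUTPUT chains and needs separate rules if dom0 must be shielded too.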