 Home |
Products |
Support |
Community |
News |
xen-users
[SPAM] Re: [Xen-users] Re: number of ips
| To: | Xen Users <Xen-users@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | [SPAM] Re: [Xen-users] Re: number of ips |
| From: | Anand Gupta <xen.mails@xxxxxxxxx> |
| Date: | Sat, 11 Apr 2009 17:17:45 +0530 |
| Cc: | |
| Delivery-date: | Sat, 11 Apr 2009 04:48:38 -0700 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=pA9wPaRK4BD+aUyPSG0D5U9d/qNNFRdZRgLF9cCqZJE=; b=Btnwn19XGIWm/c+5BNebsINs4GAA2ZqE1Jmzr6oGzEyBIRoMFk+2YIa15P9pudNqme UaxcWHYNriTCoAVIrRUntIXmcn1+Ra6Y4/I6zjIFlo5FmjgAp8QCDZPanIksrJak3OOG tIfSssbxGROaHdVpwTDX34d71EVOw1L3gh93I= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=EnGDav8ZCr4oM9Z6FKdeTBCL22fCWUANO2HlDwA6g4uS08GsPtsT2sDOrk4THoN90G o5UofZLbBG7cG/QUVOdWDEZEcsktHzJMU32d6xk8T4gkw1rwzAW2bqWnWjsJEim74Lbz L9DBJEsImAYr0T1XOuMXP3HjHVL7vJsGtdEnQ= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| Importance: | Low |
| In-reply-to: | <op.ur7y4munrtqp7s@chiyo> |
| List-help: | <mailto:xen-users-request@lists.xensource.com?subject=help> |
| List-id: | Xen user discussion <xen-users.lists.xensource.com> |
| List-post: | <mailto:xen-users@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe> |
| References: | <acb757c00904090609y3975792dgd89d28e843ee9ee@xxxxxxxxxxxxxx> <49DFC083.3060604@xxxxxxxxxx> <acb757c00904101516v53fa1aabjbc1eb304aa707280@xxxxxxxxxxxxxx> <49DFDC3F.9080706@xxxxxxxxxx> <49DFDE62.404@xxxxxxxxxx> <acb757c00904110352pafd134bqba01e8a6945f3bbc@xxxxxxxxxxxxxx> <op.ur7y4munrtqp7s@chiyo> |
| Sender: | xen-users-bounces@xxxxxxxxxxxxxxxxxxx |
|
I tried to use the antispoof feature thinking it should do the trick. Modified /etc/xen/xend-config.sxp and modified it as follows: (network-script 'network-bridge antispoof=yes')
Restarted, xen, and then checked the iptables --list. I don't see the DROP rules added. Here is iptables before start of domU ****************************************************************************************************************
Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps Chain FORWARD (policy ACCEPT)
target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT) target prot opt source destination ****************************************************************************************************************
Here it is after domU was started **************************************************************************************************************** Chain INPUT (policy ACCEPT)
target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps Chain FORWARD (policy ACCEPT)
target prot opt source destination ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif6.0 Chain OUTPUT (policy ACCEPT) target prot opt source destination
**************************************************************************************************************** The only difference between both the outputs is
>ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in vif6.0 Any ideas why this is happening ? P.S. : If i am wrong in thinking that the above will resolve the problem of users binding ips of their domU and using them, please correct me.
-- regards, Anand Gupta _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users |
| Previous by Date: | Re: [Xen-users] Re: number of ips, Eljas Alakulppi |
|---|---|
| Next by Date: | Re: [Xen-users] Re: number of ips, Fajar A. Nugraha |
| Previous by Thread: | Re: [Xen-users] Re: number of ips, Eljas Alakulppi |
| Next by Thread: | Re: [SPAM] Re: [Xen-users] Re: number of ips, Eljas Alakulppi |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
