On Tue, May 25, 2010 at 08:22:00PM +0100, Jonathan Tripathy wrote:
>
> On 25/05/10 20:13, Iustin Pop wrote:
> >On Tue, May 25, 2010 at 10:04:26AM -0400, Vern Burke wrote:
> >>I only do static IP assignments on the VMs. I have no idea how you'd
> >>stop a VM from running a DHCP server from outside the VM (not that I
> >>can imagine why anyone would want to do that anyways). The best
> >>answer I've found for a lot of shennanigans is a zero tolerance
> >>policy in the terms of service (do it and you're gone, period).
> > From http://en.wikipedia.org/wiki/DHCP: "DHCP uses the same two ports
> > assigned
> >by IANA for BOOTP: 67/udp for sending data to the server, and 68/udp for data
> >to the client."
> >
> >You could simply filter packets on port 67/udp towards the VM, so it doesn't
> >see the requests, and on port 68/udp from the VM, so it's not able to reply.
> >
> >regards,
> >iustin
> If that was the case, woudn't my idea of using:
>
> http://www.standingonthebrink.com/index.php/ipv6-ipv4-and-arp-on-xen-for-vps/
>
> work?
Well, that page is a little long, but if you refer to iptables + match
on physdev, yes, that should work, and one needs to add port-based
filtering too. I'm not familiar with arptables, sorry.
regards,
iustin
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|