This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] Force traffic out one interface

To: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Subject: Re: [Xen-users] Force traffic out one interface
From: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
Date: Sun, 13 Jun 2010 23:02:24 +0700
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sun, 13 Jun 2010 09:05:20 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C14FD27.2080100@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4C14FD27.2080100@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Sun, Jun 13, 2010 at 10:45 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> Hi Everyone,
> Does anyone know any rules that I could use (using iptable, ebtables, or
> otherwise) that could force all traffic coming from a guest to go out via a
> particular interface? I wish to stop "inter-guest" communication, without
> going via my firewall first.

IIRC Xen bridged networking by default passes domU traffic through the
bridge on dom0 (even for inter-guest communications). Try setting up
some rules there (i.e. make dom0 your firewall).

If you want to use an external firewall (not in dom0), then no, I
don't know of any way to do that.


Xen-users mailing list