Hi, On one of our server, we have a VM which does BGP routing, and routes a full class C (let''s pretend the network is 12.34.56.0/24). I''m using Xen 4.0 from Debian Squeeze (unmodified package). We use, in /etc/xen/xend-config.sxp: (network-script ''network-bridge antispoof=yes'') The issue is that the anti-spoof firewall of Xen prevents the networking to work for other VMs which will use 12.34.56.1 as gateway. If I do: iptables -I INPUT -j ACCEPT iptables -I FORWARD -j ACCEPT of course, it does work, but that''s not what I want. I really want to have the anti-spoofing feature to be there. Also, if I add let''s say 12.34.56.5 to the xen startup file of the VM that does the BGP routing, it doesn''t work (eg: 12.34.56.5, which is used by another VM, is still not routed). What''s the solution here? Also, is there a plan for ipv6 support on this anti-spoof firewall? If there''s things to contribute so that the above can be done, I''d be happy to work on that, so that anti-spoofing can be done. Last, if I switch to xl instead of xm, is there a way to still have the anti-spoof feature which is so nice? Cheers, Thomas Goirand P.S: Has anyone tried the new XCP packages available in Debian SID since Christmas? I''ve uploaded last week-end v1.3-15 in SID, after a long work with Mike and Jon on it, and I believe it works quite well now, but feed-back would be appreciated! Please see the QA page: http://qa.debian.org/developer.php?login=pkg-xen-devel@lists.alioth.debian.org