similar to: Bug#430778: xen-utils-common: NAT scripts not generic enough, and made for DHCP ?

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

CentOS 5.5 Xen "standard" Xen Installation. I have two nics. I just put the second one to DHCP and modified the ifcfg-et01 and so far I am holding, but I am not confident. Prior they were sequential IP Addrs on same subnet. arpwatch has indicated flip flips. I can find no rhyme or reason to predict them. I know I missed I must have missed a step somewhere. I want to keep the

Hi, I'm not sure but I think I suffer under the same problem with a bit different setup with squeeze testing and xen 4.0rc5. In fact I'm using bridges in the dom0 and the connections to the domU get lost sporadically. In don't see where's a solution to the problem... Is it now a bug? When it's an iptables bug, where's the corresponding bug in the iptables bugtracker

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implemente flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

Hi! I''m not new to Xen but I''m new to this list. I''m having a truely bizarre problem with Xen bridged networking at the moment. This is a new install, on RHEL4. The symptom is that any domU set up simply fails to talk to anything else. It''s there, and running, and it has an ethernet device, but there''s never any response. After digging through the

Hi all, I''m new to shorewall and have been struggling with several problems for several days now. Most of them are solved, but one still persists. The firewall is running on my server under Debian Sarge (Kernel 2.6) I''ve got three network interfaces: ppp0 (DSL Internet) eth1 (lan) ath0 (wlan) eth1 and ath0 are bridged together to br0. The problem is, that Samba (also running

Package: xen-utils-common Followup-For: Bug #430778 Here's a patch I made to have working rules here... feel free to comment/adapt. Hope this helps -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-xen-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8,

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hello, loading conntrack resolve my problem ... layer 7 have got a dependency with conntrack but doesn''t load it automaticaly... so module is loaded but no packets match with l7-protocols ... reported as a bug http://sourceforge.net/tracker/index.php?func=detail&aid=1596065&group_id=80085&atid=558668 regards ArcosCom Linux User a écrit : > With: >

Hi, this is propably bridge related and not really a xen problem, but it might help someone: Some of our domUs are not able to arp. Arp -n show (incomplete), and doing a tcpdump shows, that on the dom0''s eth0 the arp request goes out, the response comes in, but on the vifX.0 interface the arp response is gone. dom0# tcpdump -ni eth0 arp who-has 10.32.2.51 tell 10.32.7.70 arp reply

Hi, I would like to know if somebody can point me out how to configure several DomUs in a private LAN (for example 192.168.100.0/24) and one DomU with two interfaces (one - 192.168.100.0/24 and two - internet). So far I have enabled in xend-config.sxp: (network-script network-route) (vif-script vif-route) My config files have: /mnt/VM/1.cfg:vif = [''ip=192.168.1.3'']

Hi, I have taken the long and winding road and indeed it lead me to your door. I need your help, please. My Xen includes 2 guests. Xen itself (10.2.0.52) gets free access to the outside world and to its guests. Both guests however (10.2.0.54/10.2.0.55) see each other but stay under house arrest! Not a single ping manages to go past the bridge (xenbr0) and get an answer from the default gateway

Hi All, I created a couple of virtual networks (forward mode=nat) in my rhel6-kvm box. I've come across 2 weird issues. 1. My Iptables rule chainset contains repeated rules. The same rule gets repeated block by block 2. For connecting to guest using SSH, I created a custom IPTables chain. I want this chain to be on top of the FORWARD chain, but everytime the libvirtd is restarted the rule

https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org

Bernd wrote: > -----Original Message----- > From: libvirt-users-bounces@redhat.com [mailto:libvirt-users- > bounces@redhat.com] On Behalf Of Lentes, Bernd > Sent: Thursday, March 19, 2015 5:12 PM > To: libvirt-users@redhat.com > Subject: Re: [libvirt-users] still possible to use traditional bridge network > setup ? > > Laine wrote: > > ... > > Hi Laine,