Displaying 20 results from an estimated 200 matches similar to: "problem with nwfilter direction='out'"
2016 Mar 01
0
nwfilter : iptables rules not working
Hi,
I contact you as I have difficulties to use nwfilter with KVM host.
I want to implement flow filtering between my Linux guests.
I created the following filter :
cat admin-dmz-internet.xml
<filter name='admin-dmz-internet'>
<!-- this zone is an SSH ingoing only zone -->
<!-- but SSH can go to an other SSH proxy -->
<filterref
2019 Jun 03
1
Easy solution for custom firewall rules-
Nakta wrote:
> libvirt's nwfilter module can achieve that.
I read over those resources and I did what I thought would be correct,
but it's not having any effect.
I created a new nwfilter like this:
<filter name='allow-virbr2-vpn' chain='ipv4' priority='-700'>
<rule action='accept' direction='in' priority='500'>
<all
2013 Jul 08
6
Getting nwfilter to work on Debian Wheezy
Hi,
I'm trying to configure nwfilter for KVM, but so far I haven't managed
to figure out a working configuration.
Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is
connected via eth0, part of the external subnet 192.168.17.0/24, and has
an additional subnet 192.168.128.160/28 routed to its main address
192.168.17.125.
The host's subnet is configured as bridge
2018 Mar 29
1
nwfilter multiple IPs
I'm trying to apply a nwfilter rule for two networks on the same guest
interface, like so:
~ # virsh nwfilter-dumpxml 1081532-private-both
<filter name='1081532-private-both' chain='root'>
<uuid>16004b94-2b62-4568-9467-169908eb4040</uuid>
<rule action='accept' direction='in' priority='500'>
<ip
2018 Nov 08
0
Problems getting nwfilter to work
Hi folks,
I'm using libvirt 3.9.0 running under CentOS 7.5. I want the guests,
which are all within the same subnet (e.g. 10.0.0.x.), only talk to
their default gateway (e.g. 10.0.0.1) but to each other. This is caused
by a design issue of our network platform. I set up a filter rule and
attached it to the interface of a guest using nwfilter-define:
<filter name='private_ip'
2018 Jul 02
1
Re: East-west traffic network filter
On Fri, Jun 29, 2018 at 3:40 AM Thiago Oliveira <cpv.thiago@gmail.com>
wrote:
> Hi Ales,
>
> I would like to prevent the guests from different subnets start a
> communication. In other words I have the subnet 192.168.1.0/24 and
> 192.168.2.0/24 and the guests from 192.168.1.0/24 cannot reach/talk with
> guests on 192.168.2.0/24 at the same host. Is this possible using a
2012 Mar 29
0
Problems with nwfilters/iptables
Hi all,
I've got a problem with nwfilters/iptables. For one of my guest's
interfaces, I have established the following filter:
--8<---------------cut here---------------start------------->8---
<filter name='p-mgmt' chain='root'>
<uuid>94fdd15b-b380-ba8c-6685-91206829adc7</uuid>
<filterref filter='clean-traffic'/>
<rule
2013 Mar 20
2
netfilter+libvirt=(smth got broken?)
Hello,
I'm having a problem setting up filtering traffic for a virtual machine
managed by libvirt. Strange thing is, such a setup has been working fine
for me on an older version of distro (namely, opensuse 11.3 w/updates,
kernel 2.6.34, libvirt 0.8.8) but refused to work on shiny new opensuse
12.4 (kernel 3.7.10, libvirt 1.0.2).
The definition of filter in question is pretty simple:
2017 Jun 26
0
Accepting RELATED, ESTABLISHED (TCP) connections into VM using Network Filters
Hi,
Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters.
My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt.
Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back
2011 Feb 18
0
altering virtual network driver iptables behavior
I have the need to modify the behavior of the virtual network driver's
behavior and how it deals with routed networks. I'm running
libvirt-0.8.3-2.fc14.
According to http://libvirt.org/firewall.html, the following is
automatically added to the FORWARD chain of iptables when a network type
of "routed" is started up:
"Allow inbound, but only to our expected subnet.
2016 Jul 26
2
How can I run command in containers on the host?
How can I run command in containers on the host? Just like the lxc command
lxc-attach.
I run :
virsh -c lxc:/// lxc-enter-namespace fedora2 --noseclabel /bin/ls
but get error:
libvirt: error : Expected at least one file descriptor
error: internal error: Child process (14930) unexpected exit status 125
Here is my libvirt.xml
<domain type='lxc'>
<name>fedora2</name>
2013 Sep 02
1
how to setup network filter
Hi All,
I am new to libvirt and encounter a strange problem to set up network
filter in a NAT network.
I launched VMs in a single host using NAT, i.e. interface
type='network'. Now I want to control the outbound traffic from VM
instance - only allow the VM to access a set of ip addresses. My
network filter xml is as follows. The problem is once I change the VM
xml, shutdown and start VM,
2013 Sep 02
0
how to setup network filter
Hi All,
I am new to libvirt and encounter a strange problem to set up network
filter in a NAT network.
I launched VMs in a single host using NAT, i.e. interface
type='network'. Now I want to control the outbound traffic from VM
instance - only allow the VM to access a set of ip addresses. My
network filter xml is as follows. The problem is once I change the VM
xml, shutdown and start VM,
2005 Aug 22
0
openldap with nss_ldap and smb domain controller panic on Fedora 4
I'm using Fedora Core 4 with packages of Samba, OpenLDAP, Berkeley DB that came with it. I had just finished configuring OpenLDAP and Samba when I realized the nss-ldap libraries were not doing what they're supposed to do, like checking my LDAP for passwd's, logins, and ssh etc. 'getent passwd' only returned entries from '/etc/passwd'. So I had to install PADL's
2008 Feb 20
1
Problem - Boot Xen 3.0.1 Guest using NFS
I have been trying to boot Xen guest (Fedora Core 6 -
linux version 2.6.18) from NFS server but I kept
encountering a problem despite using ramdisk or not.
Key items in my config file are as follows:
=================================================
kernel =
"/root/Xen/xen-3.1.0-src/linux-2.6.18-xenU2/vmlinuz"
# Optional ramdisk.
# ramdisk = "/boot/initrd-2.6.18-xenU2.img"
2005 Mar 23
2
Will "R" work on this 64 bit machine?...
Hello,
Will "R" work on this 64 bit machine? Here are the specs.
of our linux box:
*Red Hat Enterprise Linux WS (v.3 Standard for AMD64 and Intel EM64T)
*OS: redhat-release
Release: 3WS
CPU Arch: ia32e-redhat-linux
(4) GenuineIntel Intel(R) Xeon(TM) CPU 3.40GHz 3399 MHZ
Arch: EM64T Cache: 1024 KB
Vendor: GenuineIntel Memory: 2000 MB
Stepping: 1
Family: 15 Swap: 4000
2005 Oct 29
2
printing from windows via smb print server
Hi All,
I have two boxes running samba 3 on fedora2.
Box A is the primary domain controller & smb file server and we (a primary
school in QLD, Australia) can login from our windows 98 machines with samba
verifying usernames & passwords.
This week I've been trying to setup Box B as a print server (and eventually
limit students' printing sprees). I've connected the
2004 Sep 27
1
Fedora2 and zaptel - using the udev
Hi,
I am sorry if this message has been reposted, but for some reason I am
having problems with posting it.
I configured asterisk and zaptel modules with fedora2.
I want to be able to load the zaptel wcfxo and wcfxs modules.
For now I will use only the Wildcard TDM400P card.
I am able to load the modules but I can't configure them using ztcfg or
zttool because the tools are compiled to use the
2016 Jul 26
0
Re: How can I run command in containers on the host?
On Tue, Jul 26, 2016 at 05:19:22PM +0800, John Y. wrote:
> Hi Daniel,
>
> I forgot to tell you that I am using mips64 fedora. Has any effect on this
> case?
> 2016-07-26 09:05:59.634+0000: 16406: debug : virDomainLxcEnterNamespace:131
> : dom=0xaaad4067c0, (VM: name=fedora2,
> uuid=42b97e4d-54dc-41b4-b009-2321a1477a9a), nfdlist=0, fdlist=0xaaad4007c0,
> noldfdlist=(nil),
2004 Dec 17
0
Odd - some users can mount /home, others cannot
LS,
What could cause the following situation:
Most users CAN connect to their /home other users CANNOT connect to their
/home and get the error 66 message.
All users concerned are in the same group and thus share the same gid.
I am aware of security stuff putting directories on 0777.
Setup is:
Win98SE
Fedora2
Samba 3.0.3-5
Funny thing is that a smclient -U username \\\\server\username