similar to: Bug#894013: xen-utils-common: issue with iptables antispoofing rules in xen4.8 generated by vif-bridge and vif-common.sh

Hey everyone, I have a question about vif-common.sh. I run multiple bridges attached on dummy interfaces, which allow me to put guests in seperate subnets (routed through the dom0). As you might expect I already have quite extensive iptables scripts to accomidate this kind of routing. I was just hoping someone on this list can confirm, that I understand what the iptables lines in vif-common.sh

Hi folks, I am trying to get antispoofing running on xen3 (based on Debian Sarge). This is what I have done to enable it: 1. I have compiled a dom0 kernel with CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m 2. I made sure this module is loaded: lsmod gives xt_physdev (among others). 3a. I have changed the line "(network-script network-bridge)" to "(network-script network-bridge

Hello with XEN 3.4.x antispoof=yes works on a bridge setup. I am using this line in xend-config.sxp (network-script ''network-bridge antispoof=yes'') It creates this under IPTABLES FORWARD chain: ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in peth0 Under XEN 4.0.1 it is not working, it does not create a IPTABLES rule. Customers can

Hi, we are trying to secure our Xen boxes with IPtables on Dom0 but we always seem to get cut off and can only cure it be rebooting the box. Has anyone got a sucessful config they can share that secures the server with one nic? We are using Xen 3.0.4 thanks Ian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com

Dear Help, We are in the process of setting up a new domain using Active Directory on Windows Server 2003R2. One of our goals was to use Active Directory for authentication on our AIX box (running version 6.1). I was able to successfully set up Kerberos, and the LDAP client to connect to our AD server so that you can now log in to the AIX box with users found in Active Directory. However, no

Hi. I have some issues after rebooting the system. First, I would like to show you how I have installed XEN. S.O: Debian Lenny Installation: By default without additional packets So, I installed XEN # aptitude install xen-hypervisor-i386 libc6-xen xen-utils xen-tools bridge-utils # aptitude install xen-linux-system-2.6.26-2-xen-686 # nano /etc/modules loop max_loop=128 # nano

Some more details. Below is what I have during joining Linux (Ubuntu 20.04) to the SVITLA3 domain. SVITLA3 (Samba) is trusting, APEX (AD) is trusted. SVITLA3 has *administrator *and *test01 *users, APEX has *administrator *and *jake *users. test01 - 20000:20000 (uidNumber:gidNumber) jake - 10000:10000 You can see some delay in some places - I marked them bold. It looks like DNS timeouts. The

Hi, I want to use Xen on a current Testing using the amd64 architecture. I want to use the i386 architecture for the laster Xen guests. The hardware is a Intel Xeon 5130 (Woodcrest) with the Vanderpool support. Two harddisk are used as a Linux software raid 1. Installing the hypervisor and rebooting worked like a charm since the bootmenu of grub has also been updates:) The hypervisor is

Hi all, I want to let linux server join ad by using a trust ad's child domain user, but failed with error. below is my env and what I have try I have 3 domain controller: test.com,demo.com and chn.demo.com test.com with demo.com is two way trust. and chn.demo.com is the child domain of demo.com demo at demo.com chn at chn.demo.com can join ad member to test.com I have tested demo at

Hi all, I?m a little bit confused about the quota plugin in dovecot and fighting the the issues the people had years ago. I spent readingg the old archives and the mailing list for 3 days and not able to get work some features. Single user quota is fine and simple, the group quota /for example domain based/ makes me unhappy. Setup: CentOS7, dovecot comunity repo, dovecot 2.3.5 1) domain quota

Hai, ? Sorry for the late(r) reply but we all need to sleep also sometimes.? ;-) note, i saw its fixed, but i'll do comment a bit through your replies. ? ? mainly because of this part ? this part.? (Sended: monday 13 juli 2020 18:51) > net ads join -U administrator at SVITLA3.ROOM > Enter administrator at SVITLA3.ROOM's password: > Using short domain name -- SVITLA3 >

Package: xen-utils-common Version: 4.1.3-8 Severity: important When antispoof is set to 'on', the vif-common script does not create an ALLOW firewall rule for the emulated vif devices. This means that HVM nodes, unless a Xen PV driver is installed and running, cannot access the external network. The vif-common script creates an ACCEPT entry for the normal vif device (e.g. vif4.0) but not

Hi, by XFS do you mean filesystem quotas, yes ? regards Peter > On 14 Mar 2019, at 15:19, Edgaras Luko?evi?ius via dovecot <dovecot at dovecot.org> wrote: > > I was fighting domain quota for a long time, too. And I was never really successful at it, because group/domain quotas have multiple problems, and domain quota recalc is just one of them :) > > After a long trial

Hi folks, Following command prints 2 graphs side-by-side:- layout(matrix(1:2, nrow=1)) plot(Date,Input_No.) plot(Test01$Date, Test01$Input_No.) However each is a square graph I need a rectangular layout. Pls advise how to make it. TIA B.R. satimis

Hi, I'm not sure but I think I suffer under the same problem with a bit different setup with squeeze testing and xen 4.0rc5. In fact I'm using bridges in the dom0 and the connections to the domU get lost sporadically. In don't see where's a solution to the problem... Is it now a bug? When it's an iptables bug, where's the corresponding bug in the iptables bugtracker

Hi folks, File to be used is on; data(InsectSprays) I can't figure out where to insert it on following command; test01 <- read.csv(fil.choose(), header=TRUE) Please help. TIA B.R.

Problem still not solved, or any idea whats wrong. here are some msgs: device vif1.0 entered promiscuous mode alloc irq_desc for 1246 on node 0 alloc kstat_irqs on node 0 brI: port 2(vif1.0) entering learning state device vif1.1 entered promiscuous mode brE: port 2(vif1.1) entering learning state physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

Hi, I wonder if anyone can help me with this, I have been trying to get a vm up and running for a while now and cant for the life of me work out why it isnt working. The errors I get arnt very helpful and im at a loss as how to debug this any further. Here is the command and output that I get...(Also nothing shows up with virsh list --all after so its starting to install then dropping out) Hope

Hi folks, in 2.4 kernels, device matching for bridged packets was done with iptables -i/-o. Since 2.6, I was used to use -m physdev here. In 2.6.18, This seems to be more complicated. At least the filter/INPUT chain now doesn't match with -m physdev --physdev-in anymore, but FORWARD and OUTPUT does. I also read the note that -m phydev is now deprecated for non-bridged traffic. Does this