similar to: antispoof with Xen 3

Hello with XEN 3.4.x antispoof=yes works on a bridge setup. I am using this line in xend-config.sxp (network-script ''network-bridge antispoof=yes'') It creates this under IPTABLES FORWARD chain: ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in peth0 Under XEN 4.0.1 it is not working, it does not create a IPTABLES rule. Customers can

Hi folks, I started testing the antispoof feature of xen stable (2.0.7). I am stuck with it. I have setup a standard bridged environment. I understood it like this: in domU config I set up the virtual NIC like vif = [ ''mac=ae:00:00:78:78:78, ip=192.168.0.100'' ] Then I configure /etc/network/interface of this domU to show the same IP address for eth0. After restarting

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

I am planning to schedule a monthly XCP meeting for the community and am struggling with when to host the call. As we are a global community, there is no single optimal time to host the meeting. In an effort to support the most likely attendees, please send me your time zone if you plan to participate in these calls. I will track the most common time zones in an effort to maximize attendance. All

Hey everyone, I have a question about vif-common.sh. I run multiple bridges attached on dummy interfaces, which allow me to put guests in seperate subnets (routed through the dom0). As you might expect I already have quite extensive iptables scripts to accomidate this kind of routing. I was just hoping someone on this list can confirm, that I understand what the iptables lines in vif-common.sh

Package: xen-utils-common Version: 4.1.3-8 Severity: important When antispoof is set to 'on', the vif-common script does not create an ALLOW firewall rule for the emulated vif devices. This means that HVM nodes, unless a Xen PV driver is installed and running, cannot access the external network. The vif-common script creates an ACCEPT entry for the normal vif device (e.g. vif4.0) but not

Hi, we are trying to secure our Xen boxes with IPtables on Dom0 but we always seem to get cut off and can only cure it be rebooting the box. Has anyone got a sucessful config they can share that secures the server with one nic? We are using Xen 3.0.4 thanks Ian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com

Hello! Since i could not find any information on the internet about this subject, i'm going to try my luck on this list. I'm trying to setup network-filter on a routed setup. I have a root-server at Hetzner, a german hosting provider. Along with my server i ordered a (/28) subnet to be able to setup dedicated IPs for my virtual machines (KVM). My Server is running Ubuntu 12.04 with

When start a domU through xl create. The domU associated ip in the configuration file is not recorded in the xenstore. For this reason vif-common.sh antispoof scripts fails. *xl create * /usr/bin/xenstore-ls /local/domain/0/backend/vif/5/0 frontend = "/local/domain/5/device/vif/0" frontend-id = "5" online = "1" state = "4" script =

Hello I''ve setuped a QOS bridge under debian 3.1 using 2.6.18.3 kernel + iptables 1.3.6 I''ve patched the kernel an Iptables with esfq+layer7 without problems. This simple script doesn''t log nothing ... And I''m sure to have eMule traffic (I''ve checked with tcpdump ) If I remove " -m layer7 --l7proto edonkey \" line I can see

Hello, When start a domU through xl create. The domU associated ip in the configuration file is not recorded in the xenstore. For this reason vif-common.sh antispoof scripts fails. *xl create * /usr/bin/xenstore-ls /local/domain/0/backend/vif/5/0 frontend = "/local/domain/5/device/vif/0" frontend-id = "5" online = "1" state = "4" script =

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

Hello, in the example configuration-files I always read, that I''ve to add an IP-Adress if I don''t have a DHCPd running. I''m running in bridge-mode. For example: vif = [''ip=192.168.5.99''] But I don''t want to configure the IP-Adress in an config-file on Dom-0; the Admin of the Dom-U should do that with Dom-U''s ifconfig (or

Hi! I am trying to export a PCI device (an AVM Fritzcard PCI ISDN card...) to a domU but when starting my domU I am getting this error: "pciback pci-4-0: 22 Couldn''t locate PCI device (0000:00:06.0)! perhaps already in-use?" My system is running both debian etch in dom0 and domU... Below you can find (hopefully) all important information... Sincerely, Gaubatz Patrick

Hi All, I''m having a similar issue as Ian Tobin some weeks ago here: http://lists.xensource.com/archives/html/xen-users/2010-02/msg00645.html I''m using Debian Squeeze amd64, downloaded the experimental debian xen-amd64 kernel with pv_ops support. linux-headers-2.6.32-5-common-xen_2.6.32-13_amd64.deb linux-headers-2.6.32-5-xen-amd64_2.6.32-13_amd64.deb

hello! i think i have an very common problem. i want to run a distro based on a 2.4 kernel (Scientific Linux 3/Centos 3/RHEL 3) in xen3 as domu. the dom0 is a 2.6 based and works fine. so i think the way to go is to "simply" use an 2.6 kernel. but now i see there are several things which don''t work for example module-init-tools are missing and i expect problems with the glibc.

Hello All, I have been having a very difficult time getting any template to work on xen. Here is what I am running root@personal:/etc/xen-tools# xm info host : personal release : 2.6.22-14-xen version : #1 SMP Tue Feb 12 09:27:26 UTC 2008 machine : i686 nr_cpus : 2 nr_nodes : 1 sockets_per_node : 1

Greetings! Trying to to run a xen3 domU on a xen4 dem0 I run into problems. The xen server ''XEN1''(dom0) is openSUSE-11.3 (kernel 2.6.34) and xen-4.0.1. With qemu I created an image ''M08.raw'' from the SUSE-9.3 (kernel 2.6.11) and XEN-3.0 installation CD''s. The XEN modules were included in the installation. In M08.raw/boot I configured grub/menu.lst:

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the