Displaying 20 results from an estimated 7000 matches similar to: "[SECURITY] preventing Hwaddr spoofing on bridge"
Bug#441249: Bug#441249: xen-hypervisor-3.0.3-1-i386-pae: "Problems using XEN when Quagga is running"
2007 Sep 11
2
Bug#441249: Bug#441249: xen-hypervisor-3.0.3-1-i386-pae: "Problems using XEN when Quagga is running"
Hi,
> Can you manually do on the xen interfaces what the scripts would? How about
> doing it on some other interface configured in a similar way?
Toying with the vif-route script, I might have found a workaround for this
issue.
If I disable the ifconfig and ip route commands from vif-route script, and bring
up vif interface by hand later on, everything seems to work.
In other works,
2014 Aug 11
1
IP/MAC antispoof-protection
Hi all.
What right way to protect ip/mac spoofing for guests withnount dhcp and
other 1 ip per guest?
2007 Jun 06
5
What I learned about Linux bridging
Here are some notes I have about Linux bridging. I''ll try to separate
what I know I know from what I think I know.
Let''s say I want to bridge eth0, eth1, and eth2 together, all with an IP
Address of, say, 1.2.3.2. This is how to do it:
echo "Setting up br0 to bridge eth0 with eth1 and eth2"
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
2017 Jun 05
2
Re: Isolate VMs' network
Hi,
Thiago Oliveira <cpv.thiago@gmail.com> writes:
> I would like to know the same! Currently I am using iptables to do it.
I use ebtables.
-Timo
2018 Dec 25
2
Network filters with clean-traffic not working on Debian Stretch
Hello,
I'm recently stumbled over the libvirt network filter capabilities and
got pretty excited. Unfortunately I'm not able to get the the
"clean-traffic" filterset working. I'm using a freshly installed Debian
Stretch with libvirt, qemu and KVM.
My config snippet looks as follows:
sudo virsh edit <VM>
[...]
<interface type='bridge'>
<mac
2013 Nov 19
2
macvtap direct and ip spoofing
Hi there. I have configured kvm domain (rhel6.4) with ethernet bridged over
macvtap, and found no filtration applied except mac. 'virsh' just silently
ignoring attributes 'filterref' and 'ip address' in different formats. No
error on validate stage. Config examples:
...
<interface type='direct'>
<mac address='52:54:00:31:ae:1a'/>
2023 Apr 24
13
[Bug 1674] New: ebtables causing packet loss
https://bugzilla.netfilter.org/show_bug.cgi?id=1674
Bug ID: 1674
Summary: ebtables causing packet loss
Product: ebtables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: ebtables-nft
Assignee: pablo at netfilter.org
2006 May 06
2
Bug#366216: vif-bridge: offlining the interface fails because interface already offline
Package: xen-utils-3.0
Version: 3.0.2+hg9656-1
Severity: normal
My setup is a basic one. No changes to the /etc/xen/* files.
Network in a domU works perfectly fine.
But, after shutdowning a domU, I can see the following lines in
/var/log/debug:
May 6 10:31:45 vaio logger: /etc/xen/scripts/vif-bridge: offline XENBUS_PATH=backend/vif/18/0
May 6 10:31:46 vaio logger: /etc/xen/scripts/vif-bridge:
2013 Apr 23
1
Lack of ebtables rules when using nwfilters
Hi
I am using libvirt (0.9.12) with openstack and xen. It looks like libvirt
is not creating ebtables rules against arp spoofing etc. Here are my
configs:
VM definition:
<domain type='xen'>
<uuid>d49b777f-32f1-4093-ae47-a12efd0efd2c</uuid>
<name>instance-00000168</name>
<memory>2097152</memory>
<os>
2008 Mar 25
5
Assign Physical NIC to domU
Hello everyone!
Well i want to know, if there is a way to specify a
physical nic (like eth0 or eth1) to a
domU and how can i do it.
The server has two nics, what i want to do is assign
physical nic (eth0) to the dom0 and assign physical
nic (eht1) to the domU.
I appreciate your help.
Regards
Ivan
____________________________________________________________________________________
Be a
2008 Feb 07
1
Filtering traffic to Xen guest machines
Hello.
I''ve just started using Xen. My configuration is plain simple: I''ve got a
Centos 5 Host with Xen and a single virtual machine which also uses Centos 5.
Both of them have real IPs of the same real network.
Now, I have to delegate the server administration to an external company which
I don''t trust, so I''d want to filter any connection started by the
2007 Oct 07
9
RESOLVED: Debian Xen + Broadcom NetXtreme II (IBM x3655 7985-AC1)
I have a new x3655 IBM and whenever the /etc/xen/scripts/network-bridge
script starts, the ethernet would no longer work. This post isn''t about
the cause, but the fix. I did a lot of tcpdumps and Googling, but I''ll
spare you that. All they do is prove that yes, there is an issue. :)
I tried Debian 4.0 i386/amd64 and Ubuntu 7.04 Server i386/amd64 and they
all exhibit the
2006 Jul 21
5
linux transparent bridge running squid
Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge?
Internet – router - (bridge eth0 – eth1) – local lan
auto lo
iface lo
2007 May 30
4
Proxy ARP with a Coyote Point equalizer
Here is a puzzle.
I have a network with several servers. It''s a mess. It''s a /24 and
pieces and servers are all over the place inside this /24 block, on both
sides of the firewall. For example, the router at 1.2.3.1 is outside
the firewall and many of the servers at 1.2.3.nnn/24 are behind the
firewall. (Obviously, 1.2.3.nnn is a fudged network.)
eth0 points outward to
2006 Aug 28
4
Applying the same class to multiple interfaces
Hi All,
I''m trying to do some traffic shaping on an ethernet bridge. Currently,
I have the following setup working:
ifconfig eth0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
ifconfig br0 up
This creates a bridge consisting of eth0 and eth1. So far so good.
I now want to use tc to shape traffic
2007 Apr 18
2
[Bridge] Bridge firewall
Hi,
I'm relatively new to linux world.I'm just trying to setup a bridge firewall
between a router and LAN.
I've installed Red Hat Linux 9.0 - 2.4.20-8 from installation CDs and
upgraded to 2.4.25 successfully.
I've patched my kernel to support bridge firewall also loaded ebtables
module,so far so good.Now I tried to create a bridge using the code given in
the following link
2011 Apr 26
6
vif-common.sh and iptables
Hey everyone,
I have a question about vif-common.sh. I run multiple bridges attached
on dummy interfaces, which allow me to put guests in seperate subnets
(routed through the dom0). As you might expect I already have quite
extensive iptables scripts to accomidate this kind of routing.
I was just hoping someone on this list can confirm, that I understand
what the iptables lines in vif-common.sh
2008 Mar 05
16
Intel VT-d Support
Hello all,
please tell me, how can I be sure that
my Xen installation is built with Intel VT-d support?
Something like
xm info | grep -i KEY-REGULAR-EXPRESSION
xm dmesg | grep -i KEY-REGULAR-EXPRESSION
What line I should look for?
And if it''s really built with it,
how can I be sure, that Xen has successfully
initialized VT-d hardware?
I have read [1] and the lists archives
2006 Dec 28
4
filter policy drop and allow transparent proxy
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great? It seems a
bit strange as from reading several articles on it I thought the
following occurs.
1st line - if it doest match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line -
2008 Mar 07
7
[Bridge] bridge, vlan and *no* stp/bpdu
Hello list,
I've posted here about this before, but I realise that it may have been
assumed that the bridged vlans simply put a switch port in a blocking
state and left my question ignored. So to recap.
I have two tg3 interfaces named 'in' and 'out' and a bridge named 'br0'
My vlan trunk is on the 'in' side of the network, and set as in.2, in.3
... The