Displaying 20 results from an estimated 9000 matches similar to: "Xen bridge + iptables FORWARD"
2006 Nov 25
0
dom0 iptables FORWARD default DROP?
Hello,
What is the best policy for the FORWARD chain in dom0 iptables?
Can I use a default DROP policy?
I notice when domains are created it adds the extra rules to the FORWARD chain, to allow traffic to the guests.
However, if iptables is restarted, all these rules are lost.
Do I need a rule per VPS, or can I use a single catch all to handle all of them?
2010 Apr 30
1
[SPAM] Xen bridge network issue
Hi,
I have taken the long and winding road and indeed it led me to your door. I
need your help, please.
My Xen includes 2 guests. Xen itself (10.2.0.52) gets free access to the
outside world and to its guests.
Both guests however (10.2.0.54/10.2.0.55) see each other but stay under
house arrest!
Not a single ping manages to go past the bridge (xenbr0) and get an answer
from the default gateway
2006 Oct 06
0
Port forwarding from non-xenbridged external interface to xen-interface
Hello everybody,
I have an odd problem with iptables using a Xen bridge setup. I don't know if
it would be better to post to netfilter Mailing-List. But I hope someone here
knows how to solve it. If it's OT here, please let me know. I'll try to do a
little bit ASCII-Graphics to explain the topo better:
_________ ________
2008 Jun 13
2
Compiling from source and networking problem
Hey,
I was originally asking questions on xen-users but no one seems to have any
idea about this so I figured I'd try this list.
I compiled Xen from source (3.2 testing) on an Intel machine running Fedora
Core 8 and have discovered that my guest (Windows Vista) does not have a
network connection.
Looking at various online documentation and a machine that does work, I
guessed that I
2006 Aug 31
0
[Xense-devel] [RFC][PATCH][ACM] enforcing ACM policy on network traffic between virtual network interfaces
This patch adds an ACM hook into the network scripts (/etc/xen/scripts).
It adds iptables rules that enforce mandatory access control on network
packets exchanged between virtual interfaces. If ACM is active, this
patch sets the default FORWARD policy in Dom0 to DROP and adds iptables
ACCEPT rules between vifs that belong to domains that are permitted to
share (determined by using the
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
(if this post gets line-feed-mangled please read
http://www.dl.reneschmidt.de/shorewallxenpost.txt - that's an unmangled
version, thank you)
Hello,
first I would like to thank Mr. Eastep and contributors for this great piece
of software and superb documentation.
I have a SOHO server (Debian testing) that I'm using for several purposes so
I've set up a Xen
2010 Aug 31
2
errors when xend starts
When starting xend I see the following errors on the console. I'm
running CentOS 5 as the operating system with kernel 2.6.32.18 from
4.0.1's `make prep-kernels`
Below is a log; the things I'm concerned with are the XENBUS errors and
the deprecated iptables stuff. Any ideas what's going on here?
----------------------------------------------------
Bridge
2010 Nov 03
2
XEN 4.0.1 bridged network - antispoof Option does not work
Hello
with XEN 3.4.x antispoof=yes works on a bridge setup.
I am using this line in xend-config.sxp
(network-script 'network-bridge antispoof=yes')
It creates this under IPTABLES FORWARD chain:
ACCEPT all -- anywhere anywhere PHYSDEV match
--physdev-in peth0
Under XEN 4.0.1 it is not working, it does not create an IPTABLES rule. Customers
can
2010 Sep 09
0
Disabling iptables on bridge breaks port forwarding for NAT
Hi,
Following the directions for setting up bridged networking in the red
hat virtualization guide and libvirt wiki, I set the following kernel
parameters to 0 on a RHEL 5.5 server.
net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables
Unfortunately, doing this broke the port forwarding I'd set up for VMs
on my NAT networks, e.g.
2010 Jun 14
4
Promiscuous mode
Hi Everyone,
In order to prevent DomU from entering promiscuous mode, is it just a matter of adding these 2 rules when the vif is created?
# Accept packets leaving the bridge going to the domU only if
# the destination IP for that packet matches an authorized IPv4
# address for that domU.
iptables -A FORWARD -m physdev --physdev-out vif1.0 \
--destination 216.146.46.43 -j ACCEPT
2018 Mar 25
8
Bug#894013: xen-utils-common: issue with iptables antispoofing rules in xen4.8 generated by vif-bridge and vif-common.sh
Package: xen-utils-common
Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
Severity: important
Tags: patch security
-- System Information:
Debian Release: 9.4
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
2009 Nov 03
0
insight on additional adapter
Good day all,
Can anyone give me some insight on the most practical way of adding a
second interface to a dom0 so that certain domu's have visibility into
another network? I basically have one domu that needs to pass internet
data through eth1 - I've been reading the following
http://wiki.xensource.com/xenwiki/XenNetworking#head-602e26cd4a03b992f3938fe1bea03fa0fea0ed8b
and
2011 Aug 08
0
iptables problem under tuned bridge
Hi
this is my bridge structure
=========================================
brctl show
bridge name bridge id STP enabled interfaces
*br0* 8000.0023aea32e26 no *eth0*
*tapxp*
=========================================
I tunneled a tapxp for my xp virtual machine.
host is centos 6 using eth0
2010 Jul 31
1
Arp Flip Flops make machine inaccessible.
CentOS 5.5 Xen "standard" Xen Installation.
I have two nics. I just put the second one to DHCP and modified the
ifcfg-et01 and so far I am holding, but I am not confident. Prior they
were sequential IP Addrs on same subnet.
arpwatch has indicated flip flops. I can find no rhyme or reason to
predict them. I know I must have missed a step somewhere.
I want to keep the
2007 Jul 15
1
bridging and peth0
Hi,
If one sets xend to use network-bridge and there are no bridges
already present then it seems that xend will clone eth0 to peth0,
create xenbr0 and add peth0 and vif0.0 as ports on that bridge.
If on the other hand xenbr0 is created in /etc/network/interfaces
then xend will not do any of that peth0 stuff, nor will it add
vif0.0 to xenbr0, yet (barring some changes in iptables rules)
things
2007 Sep 07
2
Dom0 cannot see network when bridge is enabled
I've seen a lot of threads w/ similar problems, but none have posted a
resolution.
I am using Debian 4.0r1 (Etch). I was using the xen packages from
stable, but have tried w/ testing as well and the problem persists.
http://pastie.caboo.se/95144
Host is 10.0.0.20 on network 10.0.0.0/24.
Dom0 is thus 10.0.0.20
DomU is 10.0.0.30
When the bridge is enabled, DomU can ping everything.
2008 Aug 01
3
Xen Networking problem!
Hi,
I've got a CentOS 5.2 server running xen 3.0 with 2 DomUs also running
CentOS 5.2.
All my boxes are up to date.
I'm experiencing trouble with networking.
Dom0 can reach the outside world when no DomU are started. It can also
reach the outside world when only one DomU is running.
The troubles begin when I start the second DomU. At first, this new
DomU, called DomU2,
2010 Feb 26
1
Bug#571634: xen-utils-common - using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic
Package: xen-utils-common
Version: 3.4.2-2
Severity: important
The network setup uses no longer supported iptables operations:
| physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
2006 Mar 05
1
How vifX.Y and eth talk on dom0 with NAT configuration?
Hi, in the official XenNetworking (
http://wiki.xensource.com/xenwiki/XenNetworking ) I didn't find reported
how the NAT configuration works with xen.
Does anybody know how the vifX.Y (10.X.X.128), gateway of any domU ethX
(10.X.X.1) talk with the real ethX of the dom0?
Thanks
Enrico
2006 Nov 13
0
xen 3.0.3: Problem with setting up iptables (fwbuilder)
Hi,
On Friday I did an upgrade from 3.0.2 to 3.0.3. I get in trouble with my
IPTables rule-set, generated with the fwbuilder (2.0.9) tool.
I use as inside device xenbr0 (private-ip) and ppp0 as outside. After
upgrading the scripts from the install, everything blocked, after
starting the firewall. I saw that xenbr0 does not have any IP, but
eth0, so I changed the inside device from xenbr0 to eth0.