Xen users - Oct 2006 - ip source access policy per domU

Is there a recommended per guest configuration directive to specify  
the only IP allowed to traverse traffic (ingress/egress) via the  
virtual bridge to the domU?

Current suggestions include MAC based ip access control at the layer  
3 level, however I''d like to know if there is a more granular method  
of controlling IP based usage per guest, because it now appears that  
all IG/EG traffic over the switch port only sees the MAC address for  
dom0.

E.g. netmask 10.0.0.0/24 limit guest domain to 10.0.0.10 and not  
allow traffic from any other source addresses on this netmask.

Thanks

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Monday 02 October 2006 12:09 pm, Thomas wrote:
> Is there a recommended per guest configuration directive to specify
> the only IP allowed to traverse traffic (ingress/egress) via the
> virtual bridge to the domU?
>
> Current suggestions include MAC based ip access control at the layer
> 3 level, however I''d like to know if there is a more granular
method
> of controlling IP based usage per guest, because it now appears that
> all IG/EG traffic over the switch port only sees the MAC address for
> dom0.
>
> E.g. netmask 10.0.0.0/24 limit guest domain to 10.0.0.10 and not
> allow traffic from any other source addresses on this netmask.
Use ebtables on xenbr0:

http://ebtables.sourceforge.net/

-- 
James Oakley
Engineering - SolutionInc Ltd.
joakley@solutioninc.com
http://www.solutioninc.com

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users