Hi, How can we get antispoof to work correctly? I can still assign any ip address in domU The goal is is to prevent domU instances from using IP address assigned to other customers. (network-script network-bridge vifnum=0 netdev=eth0 bridge=xenbr0 antispoof=yes) (vif-antispoof yes) Is in the xend-config.sxp file and using FC6 rpms. Please help.. -L -- Larry Ludwig _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On 23 Feb 2007 at 18:49, Larry Ludwig wrote:> Hi, > > How can we get antispoof to work correctly? I can still assign any ip > address in domU > > The goal is is to prevent domU instances from using IP address assigned to > other customers.I''m afraid a user can do to a virtual box what he can do to a real box. Normal UNIX users cannot assign IP adresses. Root can do. Root is responsible for the machine. What should XEN do about that? Regards, Ulrich> > (network-script network-bridge vifnum=0 netdev=eth0 bridge=xenbr0 > antispoof=yes) > (vif-antispoof yes) > > Is in the xend-config.sxp file and using FC6 rpms. > > Please help.. > > -L > > -- > Larry Ludwig > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> ------------------------------ > > Message: 4 > Date: Mon, 26 Feb 2007 09:44:25 +0100 > From: "Ulrich Windl" <ulrich.windl@rz.uni-regensburg.de> > > I''m afraid a user can do to a virtual box what he can do to a > real box. Normal > UNIX users cannot assign IP adresses. Root can do. Root is > responsible for the > machine. What should XEN do about that? >Then what is the purpose of antispoof? I thought antispoof is like a level 3 switch that a domU can only then use the Ips assigned to it? Explain then what antispoof should be used for? -L -- Larry Ludwig Empowering Media 1-866-792-0489 x600 Have you visited our customer service blog? http://www.supportem.com/blog/ _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users