Hello all,

Sorry if this has been asked before, but Googling did not give me any answers.

I would like to use Firehol (iptables configurator) on a Xen Dom0 - does anyone have a recipe for that?

I can use Firehol on the DomUs but not on the Dom0 - all network access is stopped when I activate Firehol.

Any pointers or help would be appreciated - it's good to protect my Dom0 because now it's open for VNC clients for instance on ports 590x and I want to limit that to our own network.

Thanks,
John

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi John,

I don't know Firehol, but you should be able to set (vnc-listen 'a.b.c.d') in /etc/xen/xend-config.sxp, where a.b.c.d is the IP of a dom0 interface. This defaults to 127.0.0.1; 0.0.0.0 listens on all interfaces.

cheers
Stephan

> Any pointers or help would be appreciated - it's good to protect my Dom0
> because now it's open for VNC clients for instance on ports 590x and I
> want to limit that to our own network.

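An added example, not part of the thread: a small audit of the vnc-listen setting described in the reply above, run over the text of xend-config.sxp. The function names, the sample configs and the 192.168.10.0/24 trusted network are constructed for illustration, and the 127.0.0.1 default is taken from the reply.

```python
import ipaddress
import re

# Active (vnc-listen 'a.b.c.d') entry; the value may be quoted with ' or ".
_VNC_LISTEN = re.compile(r"""\(\s*vnc-listen\s+['"]?([^'"\s)]+)['"]?\s*\)""")
DEFAULT_LISTEN = "127.0.0.1"  # default as stated in the reply above
_SEVERITY = {"loopback": 0, "restricted": 1, "exposed": 2}

# Constructed sample configs, not taken from a real host.
SAMPLE_OPEN = "(xend-relocation-server no)\n#(vnc-listen '127.0.0.1')\n(vnc-listen '0.0.0.0')\n"
SAMPLE_BOUND = "(vnc-listen '192.168.10.5')  # Dom0 LAN interface\n"
SAMPLE_DEFAULT = "#(vnc-listen '127.0.0.1')\n"


def vnc_listen_addresses(config_text):
    """Return every active vnc-listen value, or the default if none is set."""
    found = []
    for line in config_text.splitlines():
        active = line.split("#", 1)[0]  # ignore '#' comments
        found.extend(_VNC_LISTEN.findall(active))
    return found or [DEFAULT_LISTEN]


def classify(address, trusted_network):
    """Classify one listen address as 'loopback', 'restricted' or 'exposed'."""
    ip = ipaddress.ip_address(address)  # raises ValueError on a malformed value
    if ip.is_loopback:
        return "loopback"    # reachable only from Dom0 itself, e.g. via an SSH tunnel
    if ip.is_unspecified:
        return "exposed"     # 0.0.0.0: VNC accepted on every Dom0 interface
    if ip in ipaddress.ip_network(trusted_network):
        return "restricted"  # bound to an interface on the trusted network
    return "exposed"         # bound to an address outside the trusted network


def audit_vnc_listen(config_text, trusted_network):
    """Return the worst classification over all active vnc-listen entries."""
    results = [classify(a, trusted_network) for a in vnc_listen_addresses(config_text)]
    return max(results, key=_SEVERITY.get)


if __name__ == "__main__":
    samples = (("open", SAMPLE_OPEN), ("bound", SAMPLE_BOUND), ("default", SAMPLE_DEFAULT))
    for name, text in samples:
        print(name, audit_vnc_listen(text, "192.168.10.0/24"))
```
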
Hi,

I could give you something that works-ish .. but DON'T .. firehol will make your system unstable and unpredictable. Avoid all iptables stuff in the Dom0 and stick it in the DomU's instead .. (!)

----- Original Message -----
From: "John" <info@j9s.nl>
To: xen-users@lists.xensource.com
Sent: 13 February 2008 11:49:14 o'clock (GMT) Europe/London
Subject: [Xen-users] Xen and Firehol

> I can use Firehol on the DomUs but not on the Dom0 - all network access
> is stopped when I activate Firehol.
>
> Any pointers or help would be appreciated - it's good to protect my Dom0
> because now it's open for VNC clients for instance on ports 590x and I
> want to limit that to our own network.

I might suggest a ssh tunnel for your vnc sessions over ssh and connect to that..... I mean if you really need VNC.. there is a command line thing that will

ssh -L 8001:localhost:5901 user@hostname.co.jp

Then connect to localhost:8001 w/vnc..... If you REALLY REALLY NEED IT.

E./