This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Re: [Xen-users] Firewalls

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Firewalls
From: Tom Eastep <teastep@xxxxxxxxxxxxx>
Date: 15 April 2006 07:23:26 -0700
Cc: Dick Davies <rasputnik@xxxxxxxxx>
In-reply-to: <3f1760604150453s73560b30v80d27c34e778ac67@xxxxxxxxxxxxxx>
References: <20060407090406.2a25baee@xxxxxxxxxxxxxxxxx> <20060410163925.36d53b8c@xxxxxxxxxxxxxxxxx> <3f1760604150453s73560b30v80d27c34e778ac67@xxxxxxxxxxxxxx>
On Saturday 15 April 2006 04:53, Dick Davies wrote:
> > Tom Eastep <teastep@xxxxxxxxxxxxx> wrote:
> > > When xend starts,
> > > it creates a bridge (xenbr0) through which all traffic into and out
> > > of eth0 flows. See the first part of
> > > http://www.shorewall.net/Xen.html for details.
>
> Thanks for the link Tom.
>
> Is this why I can't reuse my existing iptables rules in dom0?
> I assumed the stock xen3.0.1 dom0 kernel was missing some modules.
The reason that you can't use your existing iptables rules in a Xen dom0 is 
that the networking configuration after xend starts is different from the 
environment before xend starts (there is a bridge added and traffic passing 
through that bridge is visible to netfilter; there are also additional 
interfaces added but those interfaces have no IP configuration so they don't 
present a compatibility problem).
In short, you cannot expect an existing set of iptables rules to work after 
you make a significant change to the network configuration of the host.
-Tom
-- 
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@xxxxxxxxxxxxx
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
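One practical way to act on Tom's point, as an added example that is not part of this thread or of Shorewall: snapshot dom0's interface and address state before and after xend starts and diff the two, so the old iptables rules can be re-checked against what actually changed (the new bridge and the added interfaces with no IP configuration). The `snapshot` helper assumes iproute2's `ip` is installed; the interface names and addresses in the usage comments and tests are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread or from Shorewall: record dom0's
# interface/address state before and after xend starts, then report what
# changed, so existing iptables rules can be re-checked against the real
# post-xend topology (new bridge, new interfaces with no IP configuration).

# snapshot: print one line per interface, "<name> <first IPv4 CIDR or ->".
# Assumes iproute2's "ip" is available (constructed helper, not from the post).
snapshot() {
    ip -o link show | awk -F': ' '{ print $2 }' | sed 's/@.*//' |
    while read -r ifc; do
        addr=$(ip -o -4 addr show dev "$ifc" | awk '{ print $4; exit }')
        printf '%s %s\n' "$ifc" "${addr:--}"
    done
}

# report_net_changes BEFORE AFTER: BEFORE and AFTER are snapshot() outputs
# held in strings. Prints NEW / CHANGED / REMOVED lines; an interface that
# appears with "-" is the kind Tom describes: present, bridged, no address.
report_net_changes() {
    { printf '%s\n' "$1"; echo '---'; printf '%s\n' "$2"; } | awk '
        $0 == "---" { in_after = 1; next }
        NF < 2      { next }
        !in_after   { before[$1] = $2; next }
        {
            after[$1] = 1
            if (!($1 in before))
                printf "NEW %s: %s\n", $1, ($2 == "-" ? "no IP configuration" : "IP " $2)
            else if (before[$1] != $2)
                printf "CHANGED %s: %s -> %s\n", $1, before[$1], $2
        }
        END { for (i in before) if (!(i in after)) printf "REMOVED %s\n", i }'
}

# Typical use (run as root on dom0; paths and names are constructed):
#   snapshot > /var/tmp/net.before     # before "xend start"
#   snapshot > /var/tmp/net.after      # after xend is up
#   report_net_changes "$(cat /var/tmp/net.before)" "$(cat /var/tmp/net.after)"
#   brctl show xenbr0                  # lists the ports the new bridge joined
```

Every NEW or CHANGED line is an interface that the pre-xend rule set never saw, which is where rules keyed on `-i`/`-o` interface names need revisiting.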
