[Xen-devel] Xen anti-spoof firewall issue with routing on a VM
Hi,

On one of our servers, we have a VM which does BGP routing, and routes a full class C (let's pretend the network is 12.34.56.0/24). I'm using Xen 4.0 from Debian Squeeze (unmodified package). We use, in /etc/xen/xend-config.sxp:

    (network-script 'network-bridge antispoof=yes')

The issue is that the anti-spoof firewall of Xen prevents the networking from working for other VMs which will use 12.34.56.1 as gateway. If I do:

    iptables -I INPUT -j ACCEPT
    iptables -I FORWARD -j ACCEPT

of course, it does work, but that's not what I want. I really want to have the anti-spoofing feature to be there.

Also, if I add let's say 12.34.56.5 to the xen startup file of the VM that does the BGP routing, it doesn't work (e.g. 12.34.56.5, which is used by another VM, is still not routed).

What's the solution here?

Also, is there a plan for IPv6 support on this anti-spoof firewall? If there are things to contribute so that the above can be done, I'd be happy to work on that, so that anti-spoofing can be done.

Last, if I switch to xl instead of xm, is there a way to still have the anti-spoof feature which is so nice?

Cheers,

Thomas Goirand

P.S: Has anyone tried the new XCP packages available in Debian SID since Christmas? I uploaded v1.3-15 to SID last weekend, after long work with Mike and Jon on it, and I believe it works quite well now, but feedback would be appreciated! Please see the QA page:
http://qa.debian.org/developer.php?login=pkg-xen-devel@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel