Re: [Xen-users] Firewalls
On Saturday 15 April 2006 04:53, Dick Davies wrote:
> > Tom Eastep <teastep@xxxxxxxxxxxxx> wrote:
> > > When xend starts,
> > > it creates a bridge (xenbr0) through which all traffic into and out
> > > of eth0 flows. See the first part of
> > > http://www.shorewall.net/Xen.html for details.
>
> Thanks for the link Tom.
>
> Is this why I can't reuse my existing iptables rules in dom0?
> I assumed the stock xen3.0.1 dom0 kernel was missing some modules.

The reason that you can't use your existing iptables rules in a Xen dom0 is that the networking configuration after xend starts is different from the environment before xend starts (there is a bridge added and traffic passing through that bridge is visible to netfilter; there are also additional interfaces added but those interfaces have no IP configuration so they don't present a compatibility problem).

In short, you cannot expect an existing set of iptables rules to work after you make a significant change to the network configuration of the host.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@xxxxxxxxxxxxx
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users