Re: [Xen-users] IP blocking

[mail4dla@xxxxxxxxxxxxxx]

Well, first of all, you have to disconnect the vifX.Y from xenbrZ.
Then, you configure an IP address on both ethY (in the DomU) and vifX.Y (in the Dom0). You can dig up my mail on the topic "Re: Poin to point connection" on this list.
If you enable routing, everything should be fine. Of course you also have to make propagate the route back to the DomUs (via your Dom0's IP) on the network.
I can't tell you what to do, because I do not know *excactly* what you're aiming at.
If you're dependent on some sort of provider, i.e. you have rented some server, you're probably best at following the already mentioned approach of using iptables and ebtables. It has the great benefit that you do not need cooperation (or at least, less cooperation) from your provider. However, in the default setup, every DomU has its own MAC address that becomes visible on the network. You should definitely check that this is OK within your network.

Cheers,
dla

On 8/6/07, shacky <shacky83@xxxxxxxxx> wrote:

> I suggest you stop to bridge the DomUs directly to the network.

Could you tell me how I can stop it?

> iptables should also be able to do this on bridge level, but I would not
> consider this a clean approach.

Have you ever used Shorewall to control the routing of the domUs?
Could you help me to understand how to write the iptables rules to
make what I wrote at the beginning of this thread?

I thank you very much for your help! :-)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users