[Xen-users] Isolating DomU / Networking
Hi,

I want to secure/isolate all running DomU's (HVM) against each other,
so no DomU should see (IP-level, MAC/Broadcast level) the other DomU's.

I found a patch for the creation of a DomU at
http://www.d7031.de/text/xen_with_lvm_under_etch.shtml (near the bottom).

It seems that this did not work for me :-( Regardless of the ebtables
rules I could change my IP address and still could do whatever I wanted
in the network.

Therefore I started to dig deeper in the network-configuration, which
gave me some more questions:

I did ping between 2 DomUs (Id 14 and 16) and watched the traffic with

    tcpdump -i $iface -n host $ip1 or host $ip2

and tried to find out which interfaces the traffic crosses.

    [root@xen02 ~]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    xenbr1          8000.001b78054bee       no              peth1
                                                            tap0
                                                            tap1
                                                            vif14.0
                                                            vif16.0

Here is my result:

    Iface      packet seen    expected
    ---------------------------------------------
    any        double         ~
    xenbr1     yes            yes
    tap0       yes            no
    tap1       yes            no
    vif14.0    no             no
    vif16.0    no             no
    peth1      no             yes

What is most confusing is that I
a) see the packets on tap0 and tap1
b) but no packets on vif14.0 and vif16.0 ...

Can anyone explain why this is the case?

Best regards
Danny

-------------------------------------------------------------------
DT Netsolution GmbH - Taläckerstr. 30 - D-70437 Stuttgart
Geschäftsführer: Daniel Schwager, Stefan Hörz - HRB Stuttgart 19870
Tel: +49-711-849910-32, Fax: -932 - Mailto:daniel.schwager@xxxxxxxx