[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] IPtables configuration problem
Hello all! I am trying to configure iptables to count traffic of my DomUs and to block traffic if DomU uses incorrect IP address. The problem is, it seems, that iptables does not see the traffic routed throw a bridge. My configuration is: Dom0 ip, let it be: 10.0.0.1 domUs subnet: 10.0.1.8/27 on dom0 dummy0 interface with ip 10.0.1.8 is up and it is connected to virtual interfaces via xenbr1: [root@xen scripts]# /usr/sbin/brctl show bridge name bridge id STP enabled interfaces virbr0 8000.000000000000 yes xenbr0 8000.feffffffffff no peth0 vif0.0 xenbr1 8000.6ef521bb1b21 no vif2.0 tap2 vif1.0 vif1.1 tap1 tap0 pdummy0 vif0.1 The network works fine, but iptables does not count any packets from/to domUs: Chain FORWARD (policy ACCEPT 21318 packets, 4877K bytes) pkts bytes target prot opt in out source destination 11326 1715K LOG all -- any any anywhere anywhere LOG level debug 0 0 ACCEPT all -- any any 10.0.1.12 anywhere PHYSDEV match --physdev-in vif2.0 0 0 ACCEPT udp -- any any anywhere anywhere PHYSDEV match --physdev-in vif2.0 udp spt:bootpc dpt:bootps Whats going wrong? My system is CentOS 5.2, xen version 3.0.3 Thank you in advance for any help!!! Best Regards, Ivan _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |