
[Xen-users] iptables help


  • To: <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
  • Date: Tue, 15 Jun 2010 13:21:40 +0100
  • Delivery-date: Tue, 15 Jun 2010 05:23:15 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Thread-index: AcsMhU7y9WRsnv7mR3O1qAnWUo1+Hw==
  • Thread-topic: iptables help

Hi Everyone,
 
My Dom0 has a bridge which has its physical NIC added to it. This physical NIC is called peth0, and the bridge is called eth0 (fairly standard).
 
I then launch a DomU, and its virtual interface (as seen by the Dom0) is fw0. I only wish to allow traffic from peth0 to fw0 (and vice-versa). The Dom0 has a default policy of:
 
iptables -P FORWARD DROP
 
To try and only allow the above traffic, I try and do:
iptables -I FORWARD -m physdev --physdev-in peth0 --physdev-out fw0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-in fw0 --physdev-out peth0 -j ACCEPT
 
However those 2 rules don't allow any traffic. The only way I can get it to work is via:
 
iptables -I FORWARD -m physdev --physdev-in peth0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-out peth0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-in fw0 -j ACCEPT
iptables -I FORWARD -m physdev --physdev-out fw0 -j ACCEPT
 
However, those aren't secure really.
 
Any help would be appreciated
 
Thanks 
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
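To make concrete why the four single-sided rules are looser than the two paired rules, here is an added example (not part of the original message or of Xen) that models the FORWARD chain's first-match semantics for `-m physdev` rules and evaluates both rulesets against a few bridge paths; the interface name `vif2.0` is a constructed stand-in for a second DomU.

```python
# Added example: a small model of iptables FORWARD-chain matching for
# "-m physdev --physdev-in/--physdev-out" rules. It is not real iptables;
# it only reproduces first-match semantics with a default DROP policy.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    physdev_in: Optional[str]   # None models "no --physdev-in given" (any port)
    physdev_out: Optional[str]  # None models "no --physdev-out given" (any port)
    target: str = "ACCEPT"

    def matches(self, in_if: str, out_if: str) -> bool:
        return (self.physdev_in in (None, in_if)
                and self.physdev_out in (None, out_if))


def forward_verdict(rules: List[Rule], in_if: str, out_if: str,
                    policy: str = "DROP") -> str:
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(in_if, out_if):
            return rule.target
    return policy


# The intended, tight ruleset from the message: only peth0 <-> fw0 is bridged.
# (All targets are ACCEPT, so the reversed order produced by "-I" is irrelevant.)
STRICT = [Rule("peth0", "fw0"), Rule("fw0", "peth0")]

# The ruleset that "works" in the message: any frame entering or leaving via
# peth0 or fw0 is accepted, whatever the port on the other side.
LOOSE = [Rule("peth0", None), Rule(None, "peth0"),
         Rule("fw0", None), Rule(None, "fw0")]


def compare(in_if: str, out_if: str) -> Tuple[str, str]:
    """Return (strict_verdict, loose_verdict) for one bridged path."""
    return (forward_verdict(STRICT, in_if, out_if),
            forward_verdict(LOOSE, in_if, out_if))


if __name__ == "__main__":
    # "vif2.0" is a constructed name for another DomU's virtual interface.
    for path in [("peth0", "fw0"), ("fw0", "peth0"),
                 ("peth0", "vif2.0"), ("vif2.0", "fw0"), ("vif2.0", "vif3.0")]:
        print(path, compare(*path))
```

The loose set lets another DomU's interface exchange traffic with both peth0 and fw0, which is exactly the exposure the paired rules were meant to close.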
