Re: [Xen-users] Security in Virtual Machine





On Tue, May 21, 2013 at 5:51 AM, Alberto <alberto@xxxxxxxxxxx> wrote:
> Hi Everybody,
>
> I have a HOST (physical server) connected to the Internet. It has 2 network cards: the first one (eth0) is connected to the router, the other (eth1) is connected to the LAN.
> eth1 is bridged to the virtual machines' network, and one of them (virtual1) has an HTTP server. Everything is running correctly.
>
> Scenario
> I have an IPTABLES firewall running on the HOST with DNAT forwarding HTTP traffic to Virtual1. I have IPTABLES rules on the HOST to block some IPs that give me problems, but these rules do not protect Virtual1. All HTTP traffic is forwarded to Virtual1, even if the source IP is blocked by the IPTABLES rules.

If I understand your problem correctly...

Did you do the following?

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

To check:

cat /proc/sys/net/bridge/bridge-nf-call-iptables
cat /proc/sys/net/bridge/bridge-nf-call-ip6tables

Hope this helps!

Thanks.

Kindest regards,
Giam Teck Choon


 

> I had an attack, and I couldn't block the HTTP traffic to Virtual1; the IPTABLES rules do not affect it.
>
> What can I do to give security to the virtual machines?
>
> Thanks a lot
> Alberto




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
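
The check suggested in the reply above, extended into a small audit script (an added example, not part of the original e-mail). Writing to /proc/sys only lasts until reboot, so the script also looks for the matching `net.bridge.*` keys in the sysctl configuration. The function names and the `BRIDGE_DIR` and `SYSCTL_FILES` variables are hypothetical, and the file search order is a simplification.

```shell
#!/bin/sh
# Added example: report whether bridged traffic is handed to iptables/ip6tables,
# both right now (/proc) and after a reboot (sysctl configuration files).
# BRIDGE_DIR and SYSCTL_FILES are hypothetical knobs for this example.
BRIDGE_DIR="${BRIDGE_DIR:-/proc/sys/net/bridge}"
SYSCTL_FILES="${SYSCTL_FILES:-/etc/sysctl.d/*.conf /etc/sysctl.conf}"

# runtime_state KEY -> prints on, off, or missing (bridge netfilter not loaded)
runtime_state() {
    f="$BRIDGE_DIR/$1"
    [ -r "$f" ] || { echo missing; return; }
    case "$(cat "$f")" in
        1) echo on ;;
        *) echo off ;;
    esac
}

# persisted_state KEY -> prints on, off, or unset.
# Simplification: the last assignment found, in the order the files are listed.
persisted_state() {
    key="net.bridge.$1"
    val=""
    for f in $SYSCTL_FILES; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" "$f" | tail -n 1)
        if [ -n "$v" ]; then val="$v"; fi
    done
    case "$val" in
        "") echo unset ;;
        1) echo on ;;
        *) echo off ;;
    esac
}

# audit -> one line per key; returns 0 only if both keys are on at runtime
# and persisted, so the host firewall still sees bridged packets after a reboot.
audit() {
    rc=0
    for k in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        r=$(runtime_state "$k"); p=$(persisted_state "$k")
        echo "$k runtime=$r persisted=$p"
        [ "$r" = on ] && [ "$p" = on ] || rc=1
    done
    return $rc
}
```

Run `audit` on the host: `runtime=missing` means the /proc entries from the reply do not exist on that system, and `persisted=unset` means the setting will be lost at the next reboot.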
