[Gllug] Logging in iptables and Debian install woes

Andy Smith andy at lug.org.uk
Fri Apr 28 11:31:15 UTC 2006


On Fri, Apr 28, 2006 at 11:55:38AM +0100, Tet wrote:
> I've installed Xen. Which has screwed around with my networking in
> various unpleasant ways. I can understand what it does for virtual
> machines. But I can't really see the need to mess around with the way
> dom0 talks to the outside world. But it does. The most obvious symptom
> of this is that packets no longer go via the OUTPUT chain. At least,
> not directly. They go via the FORWARD chain too (or instead of?).

Incidentally, has anyone got a simple explanation of how, with Xen
3.x (bridged networking), to use iptables in dom0 for protecting
domUs?  In Xen 2.x this was quite simple if you used named vifs; all
traffic to/from a domU went in/out via the vif and you could use
--physdev-in / --physdev-out to match it.

Now I can't make head nor tail of where it is all going from/to and
why I seem to see the same packets multiple times.  And no one else
seems to know either.

Cheers,
Andy