[ovirt-users] Associate IP addresses to MAC addresses (anti-spoofing rules)
andre at andregustavo.org
Tue Sep 13 21:53:30 UTC 2016
I forgot to comment
It is a public network (Public IP)
I have 2 servers and 1 router
I hired a "IP block" that can be accessed through the router
IPs: 188.8.131.52 - 184.108.40.206
Gateway: 220.127.116.11 (router)
I provide to my client a public IP directly in VM
I want to prevent a customer responds by another customer
or take another ip available for himself
Since that my client has access to the "User Portal"
The "clean-traffic" filter will prevent it change the ip when it shut down
and restart the VM?
2016-09-13 5:57 GMT-03:00 Marcin Mirecki <mmirecki at redhat.com>:
> Hi André,
> The best separation would be providing a separate network for each
> This way you could protect them from other malicious users on your
> internal networks.
> Please describe your env in some more detail.
> ----- Original Message -----
> > From: "André Gustavo" <andre at andregustavo.org>
> > To: Users at ovirt.org
> > Sent: Monday, September 12, 2016 8:33:40 PM
> > Subject: [ovirt-users] Associate IP addresses to MAC addresses
> (anti-spoofing rules)
> > Aloha,
> > I'm using oVirt 4 in my hosting.
> > However, easily a customer can change the IP to another client (IP
> > In vNIC profiles, altered Network Filter
> > from "VDSM-on-mac-spoofing" to "no-ip-spoofing"
> > It worked partially, but if the client power off 'vm' and turn on the
> > he can perform the change in IP
> > I tried to use eptables, but also had problems
> > http://ebtables.netfilter.org/examples/basic.html#ex_anti-spoof
> > What is the best option?
> > --
> > ---
> > André Gustavo Timermann
> > Curitiba/PR - Brasil
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
André Gustavo Timermann
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users