[one-users] ip spoofing

Ionut Popovici ionut at hackaserver.com
Tue Apr 29 11:56:28 PDT 2014


On 4/29/2014 7:56 PM, Maxim Terletskiy wrote:
> Thanks for the answer.
>
> We're giving out white IPs from several networks; DHCP does not fit
> our needs very well, so we're using context for network settings setup.
>
> Now we're looking for a solution which prevents VM A with IP X from using
> IP Y, which belongs to VM B. X and Y are IPs from one network in one
> VLAN.
>
> I thought about using iptables/ebtables on the border router, but I don't
> understand very well what rules we must apply to drop traffic in case
> the "MAC+IP" pair is wrong.
>
As for iptables/ebtables, the chain that you must filter is FORWARD.
A good example is here:
http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html

/sbin/iptables -A FORWARD -i ethX -m mac --mac-source  YOUR-MAC-ADDRESS-HERE -j ACCEPT

> 29.04.2014 16:41, Ionut Popovici wrote:
>> On 4/29/2014 2:09 PM, Maxim Terletskiy wrote:
>>> Hi!
>>>
>>> We're using a bridged network with VLANs and looking for a way to
>>> assume that client VMs are using the right IP addresses on their network
>>> interfaces. Maybe someone already has ideas about how to do it the
>>> right way?
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> Or you can transform from less table
>> from less_pool table
>> <LEASE><IP>2886991874</IP><MAC_PREFIX>512</MAC_PREFIX><MAC_SUFFIX>2886991874</MAC_SUFFIX><USED>1</USED><VID>###</VID></LEASE> 
>>
>> where: prefix = first 2 hex of the MAC
>> mac_suffix: is the rest of the MAC in decimal, but it can be transformed to hex
>> and then split
>> for my case:
>> prefix = 02:00:
>> mac_suffix= ac:14:00:02
>> ip= 172.20.0.2
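
The lease-to-MAC conversion and the MAC+IP pinning discussed in this thread, as an added example that is not part of the original messages. It converts the decimal lease fields quoted above into a MAC and an IP, then prints (does not apply) ebtables rules that drop frames from a VM port whose source MAC or IP differs from the lease. Assumptions: the function names and the interface name `vnet0` are hypothetical, and the rules are meant for the host where the VM's interface is a bridge port.

```shell
#!/bin/sh
# Added example: turn an OpenNebula lease row into ebtables anti-spoofing rules.
# Function names and the interface name are hypothetical, not from OpenNebula.

# Decimal <IP> field -> dotted quad.
lease_ip() {
    n=$1
    printf '%d.%d.%d.%d\n' \
        $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
        $(( (n >> 8) & 255 ))  $(( n & 255 ))
}

# Decimal <MAC_PREFIX> (2 bytes) and <MAC_SUFFIX> (4 bytes) -> colon-separated MAC.
lease_mac() {
    p=$1; s=$2
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( (p >> 8) & 255 ))  $(( p & 255 )) \
        $(( (s >> 24) & 255 )) $(( (s >> 16) & 255 )) \
        $(( (s >> 8) & 255 ))  $(( s & 255 ))
}

# Print rules pinning one VM port to its leased MAC+IP pair.
# Args: interface, lease IP, lease MAC_PREFIX, lease MAC_SUFFIX (all decimal).
# Negation uses the "[!] value" form from the ebtables man page.
antispoof_rules() {
    ifname=$1
    ip=$(lease_ip "$2")
    mac=$(lease_mac "$3" "$4")
    # Wrong source MAC on this port: drop.
    echo "ebtables -A FORWARD -i $ifname -s ! $mac -j DROP"
    # Right MAC but wrong source IP: drop.
    echo "ebtables -A FORWARD -i $ifname -p IPv4 --ip-src ! $ip -j DROP"
    # ARP claiming an IP or MAC the VM does not own: drop.
    echo "ebtables -A FORWARD -i $ifname -p ARP --arp-ip-src ! $ip -j DROP"
    echo "ebtables -A FORWARD -i $ifname -p ARP --arp-mac-src ! $mac -j DROP"
}

# Lease values from the message above; vnet0 is a hypothetical port name.
antispoof_rules vnet0 2886991874 512 2886991874
```

Review the printed rules before loading them; one set is needed per VM interface, regenerated whenever a lease changes.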
