<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 4/29/2014 7:56 PM, Maxim Terletskiy
wrote:<br>
</div>
<blockquote cite="mid:535FD9C1.9030306@emu.ru" type="cite">Thanks
for answer.
<br>
<br>
We're giving white ips from several networks, dhcp not very well
fit our needs. So using context for network settings setup.
<br>
<br>
Now we're looking for solution which prevent vm A with ip X from
use of ip Y which belongs to vm B. X and Y are ips from one
network in one vlan.
<br>
<br>
I thought about using iptables/ebtables on border router, but
don't understand very well what rules we must apply to drop
traffic in case if pair "MAC+IP" is wrong.
<br>
<br>
</blockquote>
as iptable/ebtables tha chain that you must filter is FORWARD <br>
good expample is here<br>
<a class="moz-txt-link-freetext" href="http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html">http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html</a><br>
<br>
<pre class="bash" style="padding: 0.667em 0.917em; margin: 0px 0px 1.833em; background-color: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); overflow: auto; clear: both; font-family: Consolas, 'Andale Mono', Monaco, Courier, 'Courier New', Verdana, sans-serif; font-size: 0.857em; line-height: 1.5em; color: rgb(17, 17, 17); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-position: initial initial; background-repeat: initial initial;">/sbin/iptables -A FORWARD -i ethX -m mac --mac-<span style="padding: 0px; margin: 0px; color: rgb(122, 8, 116); font-weight: bold;">source</span> YOUR-MAC-ADDRESS-HERE -j ACCEPT</pre>
<blockquote cite="mid:535FD9C1.9030306@emu.ru" type="cite">29.04.2014
16:41, Ionut Popovici пишет:
<br>
<blockquote type="cite">On 4/29/2014 2:09 PM, Maxim Terletskiy
wrote:
<br>
<blockquote type="cite">Hi!
<br>
<br>
We're using bridged network with vlans and looking for a way
to assume that client VMs using right ip addresses on their
network interfaces. Maybe someone already have ideas about how
to do it in a right way?
<br>
_______________________________________________
<br>
Users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
<br>
</blockquote>
of you can transform from less table
<br>
from less_pool table
<br>
<LEASE><IP>2886991874</IP><MAC_PREFIX>512</MAC_PREFIX><MAC_SUFFIX>2886991874</MAC_SUFFIX><USED>1</USED><VID>###</VID></LEASE>
<br>
where: prefix = first 2 hex of mac
<br>
mac_suffix: is rest of mac on decimal but can be transformed in
hex the splited
<br>
for my case:
<br>
prefix = 02:00:
<br>
mac_suffix= ac:14:00:02
<br>
ip= 172.20.0.2
<br>
_______________________________________________
<br>
Users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
<br>
</blockquote>
<br>
_______________________________________________
<br>
Users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
<br>
</blockquote>
<br>
</body>
</html>