From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Johnson, Michael" Subject: xen configuration Date: Thu, 8 Sep 2005 11:58:17 -0400 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1767114130==" Return-path: Content-class: urn:content-classes:message List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Mime-version: 1.0 Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org This is a multi-part message in MIME format. --===============1767114130== Content-class: urn:content-classes:message Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C5B48E.209CD0EF" This is a multi-part message in MIME format. ------_=_NextPart_001_01C5B48E.209CD0EF Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Could you point me to documentation on how to get the xen web interface working? The only documentation I've found says start xensv then open up a browser. I'm get an exception error "no such file or directory" /var/lib/xen/sv. True, it doesn't exist. =20 =20 Also, I'm looking for more detailed documentation on how to install a guest O/S. =20 thanks, Mike ------_=_NextPart_001_01C5B48E.209CD0EF Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Could = you point me=20 to documentation on how to get the xen web interface working?  The = only=20 documentation I've found says start xensv then open up a = browser.  I'm=20 get an exception error "no such file or directory" = /var/lib/xen/sv.  True,=20 it doesn't exist. 
 
Also, = I'm looking=20 for more detailed documentation on how to install a guest=20 O/S.
 
thanks,
Mike
------_=_NextPart_001_01C5B48E.209CD0EF-- --===============1767114130== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --===============1767114130==-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Wilkie Subject: Re: xen configuration Date: Fri, 09 Sep 2005 10:05:00 +0100 Message-ID: <4321503C.6060502@cam.ac.uk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: "Johnson, Michael" Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Right now, XenSV is in a state of flux, so this will probably all change soon... You need to install apache and mod_python, copy the files from /tools/sv / in the reopository to somewhere under you web root (typically /var/www/), and add the following lines to you apache config file: LoadModule python_module modules/mod_python.so AddHandler mod_python .psp PythonHandler mod_python.psp And optionally: PythonDebug On Then it should work if you point you browser at the index.psp page! I did some work on it about a month ago, but my guess is it will need a little more to work smootly again. Cheers Tom Johnson, Michael wrote: > Could you point me to documentation on how to get the xen web interface > working? The only documentation I've found says start xensv then open > up a browser. I'm get an exception error "no such file or directory" > /var/lib/xen/sv. True, it doesn't exist. > > Also, I'm looking for more detailed documentation on how to install a > guest O/S. > > thanks, > Mike > > > ------------------------------------------------------------------------ > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stephen Mack Subject: xen configuration Date: Tue, 7 Oct 2014 20:23:10 -0300 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1212680475822548192==" Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org --===============1212680475822548192== Content-Type: multipart/alternative; boundary=001a1135fd5c86e42c0504dd7b94 --001a1135fd5c86e42c0504dd7b94 Content-Type: text/plain; charset=UTF-8 Greetings, I have somewhat of a simple question about xen configuration possibilities. I would like to know if it is possible to restrict the ports from which a xen domain can receive traffic and have all other attempts sent to another domain to be processed. Say for example I have a web server deployed that I only want to accept traffic on port 80 and so it should never receive a request for ftp/ssh/dns/etc. However if such a request ever were to come in for my web server, I want that traffic to be sent to my honeypot for processing, logging and possible remediation. I must say that I am very new to xen and have not read any documentation. I am only looking for feedback if this is possible/feasible and if there are any negative implications of such a configuration. Warm regards! --Stephen --001a1135fd5c86e42c0504dd7b94 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Greetings,

I have somewhat of a simple = question about xen configuration possibilities.

I = would like to know if it is possible to restrict the ports from which a xen= domain can receive traffic and have all other attempts sent to another dom= ain to be processed.

Say for example I have a web = server deployed that I only want to accept traffic on port 80 and so it sho= uld never receive a request for ftp/ssh/dns/etc.=C2=A0 However if such a re= quest ever were to come in for my web server, I want that traffic to be sen= t to my honeypot for processing, logging and possible remediation.=C2=A0

I must say that I am very new to xen and have not re= ad any documentation.=C2=A0 I am only looking for feedback if this is possi= ble/feasible and if there are any negative implications of such a configura= tion.

Warm regards!

--Ste= phen
--001a1135fd5c86e42c0504dd7b94-- --===============1212680475822548192== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============1212680475822548192==-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Razvan Cojocaru Subject: Re: xen configuration Date: Wed, 08 Oct 2014 11:07:43 +0300 Message-ID: <5434F0CF.4090903@bitdefender.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Stephen Mack , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 10/08/2014 02:23 AM, Stephen Mack wrote: > Greetings, > > I have somewhat of a simple question about xen configuration possibilities. > > I would like to know if it is possible to restrict the ports from which > a xen domain can receive traffic and have all other attempts sent to > another domain to be processed. > > Say for example I have a web server deployed that I only want to accept > traffic on port 80 and so it should never receive a request for > ftp/ssh/dns/etc. However if such a request ever were to come in for my > web server, I want that traffic to be sent to my honeypot for > processing, logging and possible remediation. > > I must say that I am very new to xen and have not read any > documentation. I am only looking for feedback if this is > possible/feasible and if there are any negative implications of such a > configuration. Hello Stephen, I'm not an expert on the subject, but Xen simply uses a bridge (xenbr0) in dom0, so you can either use that or simply configure the firewall directly in your guest, just as you would with any regular machine. You should be able to find more details here: http://wiki.xen.org/wiki/XenNetworking Hope this helps, Razvan Cojocaru From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stephen Mack Subject: Re: xen configuration Date: Wed, 8 Oct 2014 10:19:13 -0300 Message-ID: References: <5434F0CF.4090903@bitdefender.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2022101533909484118==" Return-path: In-Reply-To: <5434F0CF.4090903@bitdefender.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Razvan Cojocaru Cc: xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org --===============2022101533909484118== Content-Type: multipart/alternative; boundary=047d7bf0c2da78f5350504e92995 --047d7bf0c2da78f5350504e92995 Content-Type: text/plain; charset=UTF-8 Thank you Razvan. On Wed, Oct 8, 2014 at 5:07 AM, Razvan Cojocaru wrote: > On 10/08/2014 02:23 AM, Stephen Mack wrote: > > Greetings, > > > > I have somewhat of a simple question about xen configuration > possibilities. > > > > I would like to know if it is possible to restrict the ports from which > > a xen domain can receive traffic and have all other attempts sent to > > another domain to be processed. > > > > Say for example I have a web server deployed that I only want to accept > > traffic on port 80 and so it should never receive a request for > > ftp/ssh/dns/etc. However if such a request ever were to come in for my > > web server, I want that traffic to be sent to my honeypot for > > processing, logging and possible remediation. > > > > I must say that I am very new to xen and have not read any > > documentation. I am only looking for feedback if this is > > possible/feasible and if there are any negative implications of such a > > configuration. > > Hello Stephen, > > I'm not an expert on the subject, but Xen simply uses a bridge (xenbr0) > in dom0, so you can either use that or simply configure the firewall > directly in your guest, just as you would with any regular machine. > > You should be able to find more details here: > > http://wiki.xen.org/wiki/XenNetworking > > > Hope this helps, > Razvan Cojocaru > --047d7bf0c2da78f5350504e92995 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Thank you Razvan.

On Wed, Oct 8, 2014 at 5:07 AM, Razvan Cojocaru <rcojocaru@bitdefender.com> wrote:
On 10/08/2014 02:23 A= M, Stephen Mack wrote:
> Greetings,
>
> I have somewhat of a simple question about xen configuration possibili= ties.
>
> I would like to know if it is possible to restrict the ports from whic= h
> a xen domain can receive traffic and have all other attempts sent to > another domain to be processed.
>
> Say for example I have a web server deployed that I only want to accep= t
> traffic on port 80 and so it should never receive a request for
> ftp/ssh/dns/etc.=C2=A0 However if such a request ever were to come in = for my
> web server, I want that traffic to be sent to my honeypot for
> processing, logging and possible remediation.
>
> I must say that I am very new to xen and have not read any
> documentation.=C2=A0 I am only looking for feedback if this is
> possible/feasible and if there are any negative implications of such a=
> configuration.

Hello Stephen,

I'm not an expert on the subject, but Xen simply uses a bridge (xenbr0)=
in dom0, so you can either use that or simply configure the firewall
directly in your guest, just as you would with any regular machine.

You should be able to find more details here:

http:/= /wiki.xen.org/wiki/XenNetworking


Hope this helps,
Razvan Cojocaru

--047d7bf0c2da78f5350504e92995-- --===============2022101533909484118== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============2022101533909484118==--