Quoting Brian Buhrow 30/09/2011 17:24,
Ok. Is it possible to give the NetBSD DomU, under the Linux Dom0, a public address which attaches to a bridge which connects to the real ethernet of the Linux external interface? If so, then you could use pf or ipfilter on that NetBSD DomU to do the filtering you want. Or, perhaps, I don't understand your problem?
Yes, that's the bridge config which I'm actually trying out, but the gateway, although it's reachable from the network interface hence the bridge (there's even a rule to accept my guest's MAC address), doesn't respond. That's the problem. There are some ARP issues involved and I don't know where they lie exactly. But my situation proves the limits of Linux/NetBSD compatibility in a Xen environment on Linux dom0s (which is quite high, I must say; everything's fine apart from ffs log and this).
As an example, in a bridge configuration, say I've got 10.1.1.1/24 on the dom0 and I want 10.2.2.2/24 on the guest. And the gateway is 10.1.1.254. The procedure from the networking FAQ should do, but I get

xx:xx:xx:xx:xx:xx tried to overwrite permanent arp info for 10.1.1.254

repeatedly, where xx:xx... is the MAC address of the gateway.

On the dom0, peth0 and eth0 (the name of the bridge in fact) both have the network interface's MAC address. peth0 has no IP while the bridge, eth0, gets the dom0 IP. The vifs get FE:FF:FF:FF:FF:FF and no IP.
Thanks,
Pierre-Philipp