This line in network-brige script fails for me:
# iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT
iptables: No chain/target/match by that name
$ grep CONFIG_IP_NF_MATCH_PHYSDEV *
xen0_defconfig_x86_32:# CONFIG_IP_NF_MATCH_PHYSDEV is not set
xen0_defconfig_x86_64:# CONFIG_IP_NF_MATCH_PHYSDEV is not set
xen_defconfig_x86_32:CONFIG_IP_NF_MATCH_PHYSDEV=m
xen_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m
xenU_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m
As a result, packets don''t get forwarded between eth0 and xen-br0.
-Arun
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
> This line in network-brige script fails for me: > > # iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT > iptables: No chain/target/match by that nameYou must have antispoof set to true to exercise that path in the script. I''ve now enabled MATCH_PHYSDEV in the 32 and 64 bit xen0 kernels. Thanks, Ian> $ grep CONFIG_IP_NF_MATCH_PHYSDEV * > xen0_defconfig_x86_32:# CONFIG_IP_NF_MATCH_PHYSDEV is not set > xen0_defconfig_x86_64:# CONFIG_IP_NF_MATCH_PHYSDEV is not set > xen_defconfig_x86_32:CONFIG_IP_NF_MATCH_PHYSDEV=m > xen_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m > xenU_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m > > As a result, packets don''t get forwarded between eth0 and xen-br0. > > -Arun > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Ian Pratt wrote:>>This line in network-brige script fails for me: >> >> # iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT >> iptables: No chain/target/match by that name > > > You must have antispoof set to true to exercise that path in the script.It was on by default.> I''ve now enabled MATCH_PHYSDEV in the 32 and 64 bit xen0 kernels.Thanks, it fixes networking for VMX domains. -Arun _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel