similar to: network interface management in bridge firewall configuration

The network-bridge script fails when setting a few sysctls which are only available if ebtables is present in the host kernel. Fix by ignoring the return value of the sysctl command. Signed-off-by: Avi Kivity <avi@qumranet.com> Index: xen/tools/examples/network-bridge =================================================================== --- xen/tools/examples/network-bridge (revision 991)

Hi all, I order to reach maximum performance on my centos kvm hosts I have use these params: - On /etc/grub.conf: kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ elevator=deadline quiet - On sysctl.conf # Special network params net.core.rmem_default = 8388608 net.core.wmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216

Hello! Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it. The iptables functions in bridge mode,but the ipv6 doesn't work well.In the

I have a tricky problem. I''m going to use Augeas, like here http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#/etc/sysctl.conf to maintain sysctl.conf. However, since iptables is already disabled, when I add more lines to sysctl.conf with augeas and run sysctl -p, the following lines (which are already there) cause a failure. # Disable netfilter on bridges.

Greetings, all: OS: CentOS 6.4 x86_64 Kernel: 2.6.32-358.14.1 I could use some assistance with setting up pulse to load balance my dns servers. I've configured tcp and udp port 53 with the piranha gui, set up arptable rules on the real servers and added the virtual ip to the bond0 interface on the real servers, but I'm still having no luck in getting things going. A dig against the

On 02/26/2014 02:56 PM, Michal Privoznik wrote: > On 25.02.2014 22:45, François Chenais wrote: >> Hello >> >> I'm trying to setup a bridged guest on an ubuntu 13.10 but it doesn't >> work. >> >> (Everything is ok with NAT) >> >> Network sniffing shows that arp replies don't come back to the guest. >> >> >> Test 1

Hi everyone, When i start a libvirt domain (on KVM) with network filtering (using filterref clean-traffic for example), the filter works ! But ... i don't understand how/why it works :( Indeed when i look at ebtables -L iptables-save & arptables-save (and KVM command), I see no filtering rules (which is surprising because clean-traffic requires at least ebtables to be installed). Is it

Hi all, i have a xen 4.3 installation and would like to have a bridge bond szenario: *** eth0 eth1 | | bond0 | br0 | vif = [ ''bridge=br0,mac=xx:xx:xx:xx:xx:xx'' ] *** With the network script in debian wheezy *** /etc/network/interfaces auto bond0 iface bond0 inet manual slaves eth0 eth1

dear All, I'm facing this routing problem, the setup is actualy part of ltsp, but I think this problem is Centos-specific. The server is a Dell Poweredge R210. The install is standard 6.4, updated. I have one nic facing the public internet: vi /etc/sysconfig/network-scripts/ifcfg-em1 DEVICE=em1 BOOTPROTO=none HWADDR=d4:ae:52:c1:28:2b NM_CONTROLLED=no ONBOOT=yes TYPE=Ethernet

Hi! The Netfilter project presents: arptables 0.0.5 arptables is the userspace command line program used to configure the Linux 2.4.x and later ARP packet filtering ruleset. It is targeted towards system administrators. NOTE: This is a release of legacy software. Patches may still be accepted and pushed out to the git repository, which will remain active and accessible as usual

The BOINC project has a screensaver that runs on Windows. I installed BOINC in a virtual machine running Windows XP (32 bit) and copied boinc.scr from the C:\Windows directory onto my 64 bit F13 system. When I run the screensaver I get an error. Any feedback is appreciated. I can run glxgears without any problem. $ wine boinc.scr Wine cannot find the ncurses library (libncurses.so.5).

Hi! The Netfilter project proudly presents: iptables 1.8.3 iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/iptables/downloads.html

hello people, I am trying to launch a windows program, and I'm getting this error: Code: wine: cannot find L"C:\\windows\\system32\\wineboot.exe" err:process:start_wineboot failed to start wineboot, err 2 err:seh:setup_exception_record stack overflow 1164 bytes in thread 0009 eip 6834bad7 esp 00240ea4 stack 0x240000-0x241000-0x340000 Segmentation fault (core dumped) I am under

Hi Martin: Actually, I have installed all the debuginfo for this coredump file. But the netcf debuginfo report "mismatch" as below: warning: the debug information found in "/usr/lib/debug/usr/lib64/libnetcf.so.1.4.0.debug" does not match "/lib64/libnetcf.so.1" (CRC mismatch). So I ignore this warning before. You can check what I did on the attachment

Hi All, I have a usage question about netcf. Why netcf can not rename a existing physical interface dynamically by itself? If you have any other method, please share to me, or can we add support for it in netcf? You can see the following steps for details. Version: netcf-0.2.4-1.el6.x86_64 kernel-2.6.32-431.el6.x86_64 1. Select a existing NIC from host, for example eth1. [root@rhel6 ~]# ncftool

Laine, you are right, some packages mixed: [root@openstack3 ~]# rpm -qa | grep '\(libvirt\|netcf\|libnl\)' | sort libnl-1.1.4-3.el7.x86_64 libnl3-3.2.21-7.el6.x86_64 libnl3-cli-3.2.21-7.el6.x86_64 libnl3-debuginfo-3.2.21-7.el6.x86_64 libnl-debuginfo-1.1.4-3.el7.x86_64 libnl-devel-1.1.4-3.el7.x86_64 libvirt-client-1.1.1-29.el7_0.3.x86_64 libvirt-daemon-1.1.1-29.el7_0.3.x86_64

Hi All, I have one netcf question, please help me to resolve it, thanks. I can set a IFF_RUNNING flag to a bridge device which are no interface device attached. What status of a flag on a bridge device in current kernel?(w/o interface), is this a new change in kernel or other component? In netcf, but there is a patch to fix that flag issue, I can't understand it. fix wrong status of

Hi all, I looked at patching oVirt Server to work with the latest Matahari schema, from Matahari's 'next' branch, version 0.4.0. ovirt-server depends on matahari version 0.0.5, which is currently latest in Fedora, and it is used during Node registration, to enumerate hardware information. Usage extracted from src/host-browser/host-register.rb is as follows: host_list =

On 28.05.2014 15:27, Laine Stump wrote: > On 05/27/2014 09:07 AM, Jianwei Hu wrote: >> Hi All, >> >> I have one netcf question, please help me to resolve it, thanks. >> >> I can set a IFF_RUNNING flag to a bridge device which are no interface device attached. What status of a flag on a bridge device in current kernel?(w/o interface), is this a new change in kernel

Hi Everyone, In order to prevent DomU from entering promiscuous mode, is it just a matter of adding these 2 rules when the vif is created? # Accept packets leaving the bridge going to the domU only if # the destination IP for that packet matches an authorized IPv4 # address for that domU. iptables -A FORWARD -m physdev --physdev-out vif1.0 \ --destination 216.146.46.43 -j ACCEPT