Displaying 20 results from an estimated 7000 matches similar to: "Disabling iptables on bridge breaks port forwarding for NAT"
2010 Aug 20
0
Libvirt and iptables rule order
Hi,
On RHEL 5.5, I set up iptables rules for forwarding ports to some of my
virtual machines. For example.
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 3380 -j DNAT --to-destination 192.168.123.2:3389
iptables -I FORWARD -d 192.168.123.2 -i eth0 -p tcp -m tcp --dport 3389 -m state --state NEW -j ACCEPT
These worked fine, and I saved them with 'service iptables save'.
2010 Sep 09
0
Restarting iptables and libvirtd
Hi,
If I issue the commands
# service libvirtd stop
# service iptables stop
# service iptables start
# service libvirtd start
the iptables rules that enable NAT on my virtual networks are not
created when libvirtd is started, even though the networks are set to
autostart and 'virsh net-list' shows them as active. The rules are only
created if I run net-destroy and net-start.
Is this
2010 Apr 16
1
Group Membership and Exec
Hi,
I have a puppet module that I'm using to manage Oracle 11G. I'm using
puppet 0.24.8 on 64-bit CentOS 5.4. Everything works properly except
the execution of the oracle installer. It fails because it believes
that the user it is running as is not a member of the proper groups.
However, the user is in the groups, and if I log in as that user and
run the same command that puppet
2011 Sep 02
0
Network configuration on KVMs
In the Redhat EL6 virtualization guide (
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
) I read this:
#
Configure iptables
Configure iptables to allow all traffic to be forwarded
across the bridge.
# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables
2011 Sep 27
3
[Bug 751] New: IPv6 bridging bug
http://bugzilla.netfilter.org/show_bug.cgi?id=751
Summary: IPv6 bridging bug
Product: iptables
Version: unspecified
Platform: x86_64
OS/Version: Gentoo
Status: NEW
Severity: normal
Priority: P3
Component: ip6tables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: david at
2010 Aug 20
0
libvirt and Bridging
Hello all,
Basically my problem is how can I access a virtual machine from local
network. I am able to do so from the host PC but not from other PCs
on the same network.
Here is what I did so far
(http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29)
cat '/etc/libvirt/qemu/networks/default.xml'
<network>
2011 Jul 19
3
CentOS 6 - VM network bridge issue
I built a CentOS 6 machine to host several CentOS 6 guest servers. As all guests will be Internet facing I set up the host with two bridged NICs and assigned an Internet facing IP address to br0 and a local IP address to br1.
Each guest was installed using br0 and br1 with virtio drivers. On each I assigned an Internet facing IP address to eth0 and a local IP address on eth1. So far so good. I
2008 Jul 29
0
Strange XEN NAT problem
Hello there,
I've got a problem regarding my XEN network setup. First of all, I'll
just tell you what doesn't work: the access to a forwarded (natted)
port (e.g. port 80 http) of a dom (no matter if dom0 or domU) to the
servers external ip address (from "inside") does not work (connection
refused). Here's the layout of my xen virtual network:
2015 Dec 18
0
[ANNOUNCE] iptables 1.6.0 release
Hi!
The Netfilter project proudly presents:
iptables 1.6.0
This release includes accumulated fixes and enhancements for the
following matches:
* ah
* connlabel
* cgroup
* devgroup
* dst
* icmp6
* ipcomp
* ipv6header
* quota
* set
* socket
* string
and targets:
* CT
* REJECT
* SET
* SNAT
* SNPT,DNPT
* SYNPROXY
* TEE
We also got rid of the very very old MIRROR and SAME targets and the
2010 Jun 14
4
Promiscuous mode
Hi Everyone,
In order to prevent DomU from entering promiscuous mode, is it just a matter of adding these 2 rules when the vif is created?
# Accept packets leaving the bridge going to the domU only if
# the destination IP for that packet matches an authorized IPv4
# address for that domU.
iptables -A FORWARD -m physdev --physdev-out vif1.0 \
--destination 216.146.46.43 -j ACCEPT
2006 Feb 22
2
[PATCH] don't require ebtables in the host kernel
The network-bridge script fails when setting a few sysctls
which are only available if ebtables is present in the host
kernel. Fix by ignoring the return value of the sysctl command.
Signed-off-by: Avi Kivity <avi@qumranet.com>
Index: xen/tools/examples/network-bridge
===================================================================
--- xen/tools/examples/network-bridge (revision 991)
2019 May 27
0
[ANNOUNCE] iptables 1.8.3 release
Hi!
The Netfilter project proudly presents:
iptables 1.8.3
iptables is the userspace command line program used to configure the
Linux 2.4.x and later packet filtering ruleset. It is targeted towards
system administrators.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/iptables/downloads.html
2013 Jan 09
0
network not accessible through bridged interface but traffic visible
I had a major HD failure and need to rebuild my host server and the virtual
servers that resided on it. I am moving from CentOS 5.6 to CentOS 6.3. I
am using the same configuration, as best as I can tell, that was working
only hours ago on 5.6 but does not work on 6.3. My guest server can see
network traffic on the bridged network device but I cannot seem to interact
with it. Iptables turned
2007 Jun 27
0
Bug#430778: xen-utils-common: NAT scripts not generic enough, and made for DHCP ?
Package: xen-utils-common
Version: 3.0.3-0-2
Severity: normal
I cannot find a use the network-nat and vif-nat provided in the general case, where I'd like to NAT between vifx.0
and ethx interfaces.
I have setup the following in /etc/xen/xend-config.sxp :
## Use the following if network traffic is routed with NAT, as an alternative
# to the settings for bridged networking given above.
2007 Apr 18
0
[Bridge] NAT on a bridge (solved sortof)
Torsten,
I suffered a similar problem and was wondering if you found a better
solution to the problem of dnatting on a transparent bridge.
My setup: INTERNET <-> ROUTER <-> (linux)BRIDGE <-> INTERNAL NETWORK
Solution: setup a bridge with ip x.x.x.51 and alias another ip to the
bridge x.x.x.50 ( using a /16 network at home ) Now get the router to
send all incoming traffic
2007 Apr 23
1
NAT: pings/DNS works but not the rest
Hello everybody,
I'm new to Xen so forgive me if this is already well known issue.
I'm using Ubuntu server 7.04 (feisty) with Xen 3.0.3
Everything works perfectly, apart from networking in NAT mode.
With bridging it works, with NAT it works, well, quite strange.
Namely, pings go through and name resolution works.
But when I try to use anything substantial, then
2007 Apr 18
2
[Bridge] Can bridge be 'seen' by ip6tables?
Hello!
Recently, I'm doing a security project based upon ipv6. I have built up a bridge to support a transparent firewall. (my system is Fedora Core 2, kernel 2.6.5). In this system, the version of the iptables is 1.2.7, which does not support ipv6 (I have tried it). Thus, I download a new version and test it.
The iptables functions in bridge mode, but the ipv6 doesn't work well. In the
2010 Mar 16
2
What kernel params to use with KVM hosts??
Hi all,
In order to reach maximum performance on my centos kvm hosts I have use these params:
- On /etc/grub.conf:
kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ elevator=deadline quiet
- On sysctl.conf
# Special network params
net.core.rmem_default = 8388608
net.core.wmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
2013 Aug 14
12
xen 4.3 - bridge with bonding under Debian Wheezy
Hi all,
I have a xen 4.3 installation and would like to have a bridge bond scenario:
***
eth0 eth1
| |
bond0
|
br0
|
vif = [ 'bridge=br0,mac=xx:xx:xx:xx:xx:xx' ]
***
With the network script in debian wheezy
***
/etc/network/interfaces
auto bond0
iface bond0 inet manual
slaves eth0 eth1
2019 Dec 02
0
[ANNOUNCE] arptables 0.0.5 release
Hi!
The Netfilter project presents:
arptables 0.0.5
arptables is the userspace command line program used to configure the
Linux 2.4.x and later ARP packet filtering ruleset. It is targeted
towards system administrators.
NOTE: This is a release of legacy software. Patches may still be
accepted and pushed out to the git repository, which will remain active
and accessible as usual