similar to: iptables drop on virtual host

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Hi folks, in 2.4 kernels, device matching for bridged packets was done with iptables -i/-o. Since 2.6, I was used to use -m physdev here. In 2.6.18, This seems to be more complicated. At least the filter/INPUT chain now doesn't match with -m physdev --physdev-in anymore, but FORWARD and OUTPUT does. I also read the note that -m phydev is now deprecated for non-bridged traffic. Does this

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

Hi all! After upgrading to Squeeze, I am watching a Xen VMHost that after a while it hangs. This did not happen when I was using Xen with Debian Lenny (in this case as with Squeeze, the Xen components are from Debian repositories). In each case I connected a keyboard and monitor to the computer and the screen remained black without answering any key. This problem seems to also affect domUs,

Hi, I'm not sure but I think I suffer under the same problem with a bit different setup with squeeze testing and xen 4.0rc5. In fact I'm using bridges in the dom0 and the connections to the domU get lost sporadically. In don't see where's a solution to the problem... Is it now a bug? When it's an iptables bug, where's the corresponding bug in the iptables bugtracker

Hi all !! I would to like to mark and route some kind of traffic (ie: outbound www, now by simplicity) ---inet1--------eth0------------| | | linux | --eth1------- clientes ---inet2(90.0.0.1)--------eth2-| | I have eth0 and eth1 bridged (eth2 is not bridged). I would to route www outbound clients

Hi all !! I would to like to mark and route some kind of traffic (ie: outbound www, now by simplicity) ---inet1--------eth0------------| | | linux | --eth1------- clientes ---inet2(90.0.0.1)--------eth2-| | I have eth0 and eth1 bridged (eth2 is not bridged). I would to route www outbound clients

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

Problem still not solved, or any idea whats wrong. here are some msgs: device vif1.0 entered promiscuous mode alloc irq_desc for 1246 on node 0 alloc kstat_irqs on node 0 brI: port 2(vif1.0) entering learning state device vif1.1 entered promiscuous mode brE: port 2(vif1.1) entering learning state physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hi, I''m running RH9 Linux and I''m having a slight problem with shorewall, i originally set it up as a two card configuration, but i have now bridged the connections in an attempt to get my WiFi network communicating with the wired network (eth0 and wlan0). I have followed the instructions for bridging from http://www.shorewall.net/bridge.html but when I activate shorewall i get

Hey everyone, I have a question about vif-common.sh. I run multiple bridges attached on dummy interfaces, which allow me to put guests in seperate subnets (routed through the dom0). As you might expect I already have quite extensive iptables scripts to accomidate this kind of routing. I was just hoping someone on this list can confirm, that I understand what the iptables lines in vif-common.sh

Bernd wrote: > -----Original Message----- > From: libvirt-users-bounces@redhat.com [mailto:libvirt-users- > bounces@redhat.com] On Behalf Of Lentes, Bernd > Sent: Thursday, March 19, 2015 5:12 PM > To: libvirt-users@redhat.com > Subject: Re: [libvirt-users] still possible to use traditional bridge network > setup ? > > Laine wrote: > > ... > > Hi Laine,

I put this page together just so I won't spam the board anymore begging for help..lol http://bobhoffman.com/vmissue.html This shows a working effort of bonded eths, bridged into a vm, and a few other things. The only missing thing is something on the host that ends up putting the VM internet connection into some kind of limbo. Whether it is hardware related, bug related, libvirt nat

Hello! Since i could not find any information on the internet about this subject, i'm going to try my luck on this list. I'm trying to setup network-filter on a routed setup. I have a root-server at Hetzner, a german hosting provider. Along with my server i ordered a (/28) subnet to be able to setup dedicated IPs for my virtual machines (KVM). My Server is running Ubuntu 12.04 with

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

Hi, I have only one ethernet port in a remote server. (eth0) I have a public address with x.x.x.164 netmask 255.255.255.240 gw x.x.x.161 and want to use in my guest OS the next available ip address (x.x.x.165 netmask 255.255.255.240 gw x.x.x.161) Is this posible with brctl to achieve this? I did a file called ifcfg-xenbr0 with: DEVICE=xenbr0 TYPE=Bridge BOOTPROTO=dhcp ONBOOT=yes then

Hi, I have only one ethernet port in a remote server. (eth0) I have a public address with x.x.x.164 netmask 255.255.255.240 gw x.x.x.161 and want to use in my guest OS the next available ip address (x.x.x.165 netmask 255.255.255.240 gw x.x.x.161) Is this posible with brctl to achieve this? I did a file called ifcfg-xenbr0 with: DEVICE=xenbr0 TYPE=Bridge BOOTPROTO=dhcp ONBOOT=yes then

hi, we like to use our server to host many guest system. we use these guests as test for our product testing which can be installed trough pxe install (we reinstall these guest very often). unfortunately it''s not possible to use routed network with pxe boot. so we _need_ bridged setup kvm with config as described in:

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge