similar to: [Bug 751] New: IPv6 bridging bug

Bernd wrote: > -----Original Message----- > From: libvirt-users-bounces@redhat.com [mailto:libvirt-users- > bounces@redhat.com] On Behalf Of Lentes, Bernd > Sent: Thursday, March 19, 2015 5:12 PM > To: libvirt-users@redhat.com > Subject: Re: [libvirt-users] still possible to use traditional bridge network > setup ? > > Laine wrote: > > ... > > Hi Laine,

Hello all, Basically my problem is how can i access a virtual machine from local network. I am able to do so from the host PC put not from other PC's on the same network. here is my what i did so far (http://wiki.libvirt.org/page/Networking#NAT_forwarding_.28aka_.22virtual_networks.22.29) cat '/etc/libvirt/qemu/networks/default.xml' <network>

Hello! Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it. The iptables functions in bridge mode,but the ipv6 doesn't work well.In the

Hi all, i have a xen 4.3 installation and would like to have a bridge bond szenario: *** eth0 eth1 | | bond0 | br0 | vif = [ ''bridge=br0,mac=xx:xx:xx:xx:xx:xx'' ] *** With the network script in debian wheezy *** /etc/network/interfaces auto bond0 iface bond0 inet manual slaves eth0 eth1

Package: xen-utils-common Version: 3.0.3-0-2 Severity: normal I cannot find a use the network-nat and vif-nat provided in the general case, where I'd like to NAT between vifx.0 and ethx interfaces. I have setup the following in /etc/xen/xend-config.sxp : ## Use the following if network traffic is routed with NAT, as an alternative # to the settings for bridged networking given above.

The network-bridge script fails when setting a few sysctls which are only available if ebtables is present in the host kernel. Fix by ignoring the return value of the sysctl command. Signed-off-by: Avi Kivity <avi@qumranet.com> Index: xen/tools/examples/network-bridge =================================================================== --- xen/tools/examples/network-bridge (revision 991)

Hi, Following the directions for setting up bridged networking in the red hat virtualization guide and libvirt wiki, I set the following kernel parameters to 0 on a RHEL 5.5 server. net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables Unfortunately, doing this broke the port forwarding I'd set up for VMs on my NAT networks, e.g.

In the Redhat EL6 virtualization guide ( http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html ) I read this: # Configure iptables Configure iptables to allow all traffic to be forwarded across the bridge. # iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT # service iptables

Hi, I am trying to prevent my qemu guest machines from sending IPv6 router advertisements over their network device. To that end, I have written this filter definition: <filter name='no-ipv6-router-advertisement' chain='root' priority='-690'> <rule action='drop' direction='out' priority='600'> <icmpv6 type='134'/>

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

Hi, I've been testing the Debian packages ahead of the Debian 7 release (which is very imminent) I believe this is a serious bug[1] in the package, as it appears that HVM networking is broken, or at the very least, requires some undocumented configuration step Specifically: - I can start the HVM domU without any vif - if I attach a vif, the domU will not start Looking at

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

Hi all, I order to reach maximum performance on my centos kvm hosts I have use these params: - On /etc/grub.conf: kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ elevator=deadline quiet - On sysctl.conf # Special network params net.core.rmem_default = 8388608 net.core.wmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216

I have a tricky problem. I''m going to use Augeas, like here http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#/etc/sysctl.conf to maintain sysctl.conf. However, since iptables is already disabled, when I add more lines to sysctl.conf with augeas and run sysctl -p, the following lines (which are already there) cause a failure. # Disable netfilter on bridges.

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

I built a CentOS 6 machine to host several CentOS 6 guest servers. As all guests will be Internet facing I set up the host with two bridged NICs and assigned an Internet facing IP address to br0 and a local IP address to br1. Each guest was installed using br0 and br1 with virtio drivers. On each I assigned an Internet facing IP address to eth0 and a local IP address on eth1. So far so good. I

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

Hello, I'm just wondering why I can't manage my network interfaces through libvirt when the following kernel parameters are turned on: net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables Is it a bug or by design? If the latter, could someone explain me premises of such decision? I'm aware of security implications of mixing

very perplexed here - I need to turn off iptables. Ive tried service iptables save service iptables stop chkconfig iptables off service ip6tables save service ip6tables stop chkconfig ip6tables off edited OPGX280 ~ # cat /etc/sysconfig/system-config-firewall # Configuration file for system-config-firewall --disabled --service=ssh OPGX280 ~ :( # cat /etc/selinux/config SELINUX=disabled

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related