similar to: [PATCH] don''t require ebtables in the host kernel

Hello! Recently,I¡¯m doing a security project based upon ipv6.I have built up a bridge to support a transparent firewall.(my system is Fedora Core 2,kernel 2.6.5).In this system ,the version of the iptables is 1.2.7,which does not support ipv6(I have tried it).Thus,I download a new version and test it. The iptables functions in bridge mode,but the ipv6 doesn't work well.In the

Hi all, I order to reach maximum performance on my centos kvm hosts I have use these params: - On /etc/grub.conf: kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ elevator=deadline quiet - On sysctl.conf # Special network params net.core.rmem_default = 8388608 net.core.wmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216

I make some networking performance tests for Linux 3.10.13 #1 SMP is that normal Linux (pktget) ----> Linux (router) ----> Linux (Sink) eth0: 0.00 P/s 652024.78 P/s 652024.78 P/s eth1: 652175.58 P/s 2.98 P/s 652178.55 P/s with echo 0 >/proc/sys/net/bridge/bridge-nf-call-iptables CPU is about 2% with echo 1

I have a tricky problem. I''m going to use Augeas, like here http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas#/etc/sysctl.conf to maintain sysctl.conf. However, since iptables is already disabled, when I add more lines to sysctl.conf with augeas and run sysctl -p, the following lines (which are already there) cause a failure. # Disable netfilter on bridges.

Hello, I'm just wondering why I can't manage my network interfaces through libvirt when the following kernel parameters are turned on: net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables Is it a bug or by design? If the latter, could someone explain me premises of such decision? I'm aware of security implications of mixing

xenconsole fix. reference of tty->count in xencons_close() is racy. It must be protected by tty_sem semaphore like con_close() in drivers/char/vt.c -- yamahata _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

Greetings, all: OS: CentOS 6.4 x86_64 Kernel: 2.6.32-358.14.1 I could use some assistance with setting up pulse to load balance my dns servers. I've configured tcp and udp port 53 with the piranha gui, set up arptable rules on the real servers and added the virtual ip to the bond0 interface on the real servers, but I'm still having no luck in getting things going. A dig against the

http://bugzilla.netfilter.org/show_bug.cgi?id=751 Summary: IPv6 bridging bug Product: iptables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: normal Priority: P3 Component: ip6tables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: david at

On 02/26/2014 02:56 PM, Michal Privoznik wrote: > On 25.02.2014 22:45, François Chenais wrote: >> Hello >> >> I'm trying to setup a bridged guest on an ubuntu 13.10 but it doesn't >> work. >> >> (Everything is ok with NAT) >> >> Network sniffing shows that arp replies don't come back to the guest. >> >> >> Test 1

Hi all, i have a xen 4.3 installation and would like to have a bridge bond szenario: *** eth0 eth1 | | bond0 | br0 | vif = [ ''bridge=br0,mac=xx:xx:xx:xx:xx:xx'' ] *** With the network script in debian wheezy *** /etc/network/interfaces auto bond0 iface bond0 inet manual slaves eth0 eth1

Hi all, I''m having a hell of a time getting my IFB to work. I know I''ve done this before, so I''m missing something stupid. Can anybody tell me what it might be? Configs as follows: -------- #!/bin/sh modprobe ifb numifbs=1000 modprobe act_mirred modprobe 8021q brctl addbr br0 brctl setfd br0 0 brctl stp br0 off brctl addif br0 eth1 brctl addif br0 eth2 ifconfig eth1

I'm trying to accomplish what I had hoped would be a fairly simple filtering of traffic to my VMs, but I'm hitting a snag. The VMs are allowing traffic when I wouldn't expect them to. Host and Guest are both running the same platform: Ubuntu 12.04.4 LTS 0.9.8-2ubuntu17.19 I have a basic bridge enabled on the host: brctl addbr brdg brctl addif brdg eth1 ip link set brdg up The host

dear All, I'm facing this routing problem, the setup is actualy part of ltsp, but I think this problem is Centos-specific. The server is a Dell Poweredge R210. The install is standard 6.4, updated. I have one nic facing the public internet: vi /etc/sysconfig/network-scripts/ifcfg-em1 DEVICE=em1 BOOTPROTO=none HWADDR=d4:ae:52:c1:28:2b NM_CONTROLLED=no ONBOOT=yes TYPE=Ethernet

Hi! I have a problem with my new Xen setup. I have installed Debian etch with netinstall and I''m using 2.6.18-6-xen-amd64 kernel in my dom0 and 3.0.3-0-4 version xen hypervisor. I''m using four network cards on my system and using three of them as xen bridges and dom0 is using the fourth one only for it''s own. So basicly both of my virtual servers use a network card

Hello: I am trying to follow the RHEL virtualization guide to set up a bridge on a system running CentOS 5.4. I copied my ifcfg-eth0 to ifcfg-eth0:1 and set its content to this: DEVICE=eth0:1 HWADDR=[The MAC address from eth0] ONBOOT=yes BRIDGE=br1 I then created ifcfg-br1 with this content: DEVICE=br1 TYPE=Bridge BOOTPROTO=static BROADCAST=192.168.2.255 IPADDR=192.168.2.202

Does someone have a link to a how-to-do-it with firewalld, not "disable firewalld and use iptables"? mark

So, I'm setting up my first bridge, and I'm running into an interesting issue. I have a 4 port NIC (formerly 4 seperate /29 and /28 LANs) and an onboard NIC (to my ISP). I've setup the bridge using the script included at the bottom of this email (modified from Gentoo for Aurora). When the WET11 (the WET11 is a simple ethernet to wireless bridge) is unplugged, the bridge works

On 05/27/2014 02:46 AM, Brian Rak wrote: > Make sure you have: > > /proc/sys/net/bridge/bridge-nf-call-iptables = 1 That doesn't make sense. bridge-nf-call-iptables controls whether or not traffic going across a Linux host bridge device will be sent through iptables, but the rules created by nwfilter are applied to the "vnetX" tap devices that connect the guest to the

Hi, The attached patch fixes the setup of the bridge ports and the bridge itself. Changes: * move some functions to xen-network-common.sh, so both vif-bridge and network-bridge can use them. * add a new function to configure bridge ports and use it. * make sure arp requests, ipv6 autoconfiguration and ipv6 router solicitations are disabled for the bridge ports and also for the

Hi, What is the easiest way to bridge between two user-space processes that talk directly to Ethernet interfaces? I have two applications that write/read Ethernet frames to/from Linux Ethernet ports (e.g. eth0). The applications can successfully talk to each other when they run on two machines connected over Ethernet. I would like to be able to test them on a single machine without employing