Hello all!
I am trying to configure iptables to count the traffic of my DomUs and to block
traffic if a DomU uses an incorrect IP address.
The problem, it seems, is that iptables does not see the traffic routed
through a bridge.
My configuration is:
Dom0 ip, let it be: 10.0.0.1
DomUs' subnet: 10.0.1.8/27
On Dom0 the dummy0 interface, with IP 10.0.1.8, is up and connected to the
virtual interfaces via xenbr1:
[root@xen scripts]# /usr/sbin/brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
xenbr0          8000.feffffffffff       no              peth0
                                                        vif0.0
xenbr1          8000.6ef521bb1b21       no              vif2.0
                                                        tap2
                                                        vif1.0
                                                        vif1.1
                                                        tap1
                                                        tap0
                                                        pdummy0
                                                        vif0.1
The network works fine, but iptables does not count any packets from/to the
DomUs:
Chain FORWARD (policy ACCEPT 21318 packets, 4877K bytes)
 pkts bytes target  prot opt in   out  source      destination
11326 1715K LOG     all  --  any  any  anywhere    anywhere     LOG level debug
    0     0 ACCEPT  all  --  any  any  10.0.1.12   anywhere     PHYSDEV match --physdev-in vif2.0
    0     0 ACCEPT  udp  --  any  any  anywhere    anywhere     PHYSDEV match --physdev-in vif2.0 udp spt:bootpc dpt:bootps
What's going wrong?
My system is CentOS 5.2, xen version 3.0.3
Thank you in advance for any help!!!
Best Regards,
Ivan
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
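An added example, not part of Ivan's post: frames that are merely bridged between two ports of xenbr1 (vif2.0 to pdummy0, for instance) only traverse the iptables FORWARD chain when the kernel's bridge-netfilter hook is enabled, i.e. when /proc/sys/net/bridge/bridge-nf-call-iptables reads 1; with it off, iptables sees only packets Dom0 itself routes, and the physdev match never fires. The script below checks that sysctl (the path is taken as an argument so it can be pointed at a test file) and prints a per-DomU rule set that counts DHCP, accepts only the DomU's assigned source address on its vif, counts the return traffic, and drops anything else entering from that vif. The vif name and address (vif2.0, 10.0.1.12) are the ones from the post; the rule layout and the --physdev-is-bridged qualifier on the return-traffic rule are the example's own choices.

```shell
#!/bin/sh
# Example script (not from the original post): check whether bridged frames
# reach iptables, and generate per-DomU accounting / anti-spoofing rules.

BRIDGE_NF_SYSCTL=/proc/sys/net/bridge/bridge-nf-call-iptables  # assumed path (2.6.x bridge module)

# Return 0 when the kernel hands bridged frames to iptables, 1 otherwise.
# An explicit file argument lets the check run against a fixture file.
bridge_nf_enabled() {
    f="${1:-$BRIDGE_NF_SYSCTL}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Print the commands that turn the hook on now and keep it across reboots.
enable_bridge_nf_cmds() {
    printf 'echo 1 > %s\n' "$BRIDGE_NF_SYSCTL"
    printf "grep -q '^net.bridge.bridge-nf-call-iptables' /etc/sysctl.conf || "
    printf "echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf\n"
}

# Print the FORWARD rules for one DomU: vif name and its assigned address.
# Rules are printed rather than executed so they can be reviewed first
# (pipe to sh to apply). Order matters: DHCP first, then the allowed source,
# then return traffic, then a catch-all DROP for spoofed sources on that vif.
domu_rules() {
    vif="$1"; ip="$2"
    # DHCP client -> server, counted separately so boot traffic is visible.
    printf 'iptables -A FORWARD -p udp --sport 68 --dport 67 -m physdev --physdev-in %s -j ACCEPT\n' "$vif"
    # Only the assigned address may be used as source on this vif.
    printf 'iptables -A FORWARD -m physdev --physdev-in %s -s %s -j ACCEPT\n' "$vif" "$ip"
    # Return traffic: --physdev-out in FORWARD is only valid for bridged frames,
    # hence --physdev-is-bridged.
    printf 'iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-out %s -d %s -j ACCEPT\n' "$vif" "$ip"
    # Anything else coming from the vif carries a wrong source address.
    printf 'iptables -A FORWARD -m physdev --physdev-in %s -j DROP\n' "$vif"
}

# Stand-alone usage: ./domu_fw.sh show   (prints the diagnosis and the rules)
if [ "${1:-}" = "show" ]; then
    if bridge_nf_enabled; then
        echo "# bridge-nf-call-iptables is on; bridged frames traverse FORWARD"
    else
        echo "# bridge-nf-call-iptables is off or unavailable; run:"
        enable_bridge_nf_cmds
    fi
    domu_rules vif2.0 10.0.1.12
fi
```

Once the hook is on, the pkts/bytes columns of `iptables -L FORWARD -v` give the per-vif counters, and the final DROP rule's counter shows how many spoofed packets a DomU tried to send. Note that enabling bridge-nf also makes Dom0's own forwarded traffic on xenbr0 subject to the FORWARD policy, so keep that chain's policy in mind before adding a default DROP.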