[Xen-bugs] [Bug 914] /etc/xen/scripts/vif-bridge shouldn't call handle_iptable
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=914

wferi@xxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wferi@xxxxxxx

------- Comment #1 from wferi@xxxxxxx 2008-07-11 13:49 -------

Hi,

If you check the packet counters (sudo watch iptables -xvL FORWARD) you will see that they increase with the traffic flow. It's counterintuitive at first, but can be explained: see http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html

So I say that the frob_iptable shell function in vif-common.sh does half the work only: it enables traffic coming from a domU, but not traffic going to a domU; that part is left at the mercy of the FORWARD chain policy (which is generally ACCEPT, so things work nevertheless).

Please make the rule creation symmetric, and perhaps optional, too.

Thanks,
Feri.

--
Configure bugmail: http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
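
A check for the asymmetry described in comment #1, as an added example that is not part of the original message or of the Xen scripts: it reads `iptables-save` output and reports, per vif, whether ACCEPT rules exist in both directions or whether traffic to the domU depends on the FORWARD policy. It assumes the per-vif rules are `physdev` matches (`--physdev-in` / `--physdev-out`); the sample rule set and the names `sample_rules` and `audit_forward` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` filter-table output (not from the bug report).
# Assumption: per-vif rules use the physdev match; vif1.0 has only the
# "from domU" rule, vif2.0 has rules for both directions.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in vif1.0 -j ACCEPT
-A FORWARD -m physdev --physdev-in vif2.0 -j ACCEPT
-A FORWARD -m physdev --physdev-out vif2.0 -j ACCEPT
COMMIT
EOF
}

# audit_forward: read iptables-save text on stdin, print the FORWARD chain
# policy and one status line per vif named in a FORWARD ACCEPT rule.
audit_forward() {
  awk '
    /^:FORWARD / { policy = $2 }
    /^-A FORWARD / && /-j ACCEPT/ {
      for (i = 1; i < NF; i++) {
        if ($i == "--physdev-in")  { in_ok[$(i+1)] = 1;  seen[$(i+1)] = 1 }
        if ($i == "--physdev-out") { out_ok[$(i+1)] = 1; seen[$(i+1)] = 1 }
      }
    }
    END {
      print "policy " policy
      for (v in seen) {
        if (in_ok[v] && out_ok[v]) s = "symmetric"
        # Only the from-domU rule exists: replies reach the domU only if
        # the chain policy lets them through.
        else if (in_ok[v]) s = (policy == "ACCEPT") ? "to-domU-by-policy" : "to-domU-blocked"
        else s = "from-domU-unmatched"
        print v " " s
      }
    }' | sort
}

sample_rules | audit_forward
```

On a live dom0 the same function can be fed with `iptables-save -t filter | audit_forward`.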