[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] ebtables tying mac to ip problem



On Fri, Apr 3, 2009 at 6:22 PM, RafaÅ Kupka <rkupka+Listy.Xen@xxxxxxxxxxxxx> wrote:
On Fri, Apr 03, 2009 at 06:04:29PM +0100, David wrote:
Hi,

> Unfortunately i still cant get it to work. it seems to be a problem with
> /sbin/ebtables -P FORWARD DROP

Could you provide some ebtables logs?

> if i change this to Â/sbin/ebtables -P FORWARD Âthen it starts working again
> but i can change ip address etc on the guest

There have to be DROP policy on the end of chain (or similar DROP rule).
It's preventing malicious traffic. All "good" network packets should hit
some ACCEPT rule before reaching end of FORWARD/INPUT chain.

> Does the vif-bridge patch still apply for this setup?

Yes.

> Will i start from scratch and try to build up a set of rules for this
> situation? i'm sure this will fit into most xen networking situations as
> this setup is popular.

Sounds useful.


Ha, well i don't even know where to start.

Any pointers? :)
Â


Kupson
--
Great software without the knowledge to run it is pretty useless.
(Linux Gazette #1)

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.