SCIENTIFIC-LINUX-USERS Archives

July 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: R P Herrold <[log in to unmask]>
Reply To: R P Herrold <[log in to unmask]>
Date: Thu, 31 Jul 2014 12:31:31 -0400
> On my 6.5 x64 system my bridged KVM guests (several kinds of Windows and
> many kinds of Linux guests) do not get the broadcast messages. Every network
> packet reaches them from the subnet except broadcast and multicast messages.
> How can that be?

My desk notes indicate we do this locally, so we can see 
messages transit iptables:

	  Next we have to make sure that network traffic going across 
	the bridge(s) can be filtered. So...

    cat >> /etc/sysctl.conf <<EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-arptables = 1
    EOF
    sysctl -p /etc/sysctl.conf


and in iptables this rule 

	-A FORWARD -m physdev  --physdev-is-bridged -j ACCEPT

and ip6tables

	-A RH-Firewall-1-INPUT -m physdev  --physdev-is-bridged -j ACCEPT


As I recall the need to do this is documented, but obscure, 
involving ebtables and iptables (ip6tables)

-- Russ herrold
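
Added example, not part of the original message: a shell check that classifies what happens to bridged guest frames given the bridge-nf-call sysctl and the FORWARD chain described above, including the case where the physdev ACCEPT rule is appended after a catch-all REJECT and so never matches. The function names, verdict words and sample inputs are constructed for illustration, and only rules directly in FORWARD are examined.

```shell
#!/bin/sh
# Added example (not from the original message): classify what happens to
# bridged guest frames from sysctl and iptables-save text. On a live host pass
# "$(sysctl -a 2>/dev/null | grep bridge-nf-call)" and "$(iptables-save -t filter)".

# nf_call_enabled SYSCTL_TEXT KEY: succeed if the last setting of KEY is 1.
nf_call_enabled() {
    printf '%s\n' "$1" | awk -v k="$2" -F'[ \t]*=[ \t]*' \
        '$1 == k { v = $2 } END { exit !(v == 1) }'
}

# forward_verdict RULES_TEXT: the first decisive FORWARD rule wins, so an ACCEPT
# for bridged frames appended after a catch-all REJECT/DROP never matches.
# Simplification (assumption): only rules directly in FORWARD are examined.
forward_verdict() {
    printf '%s\n' "$1" | awk '
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && !decided {
            if (/-m physdev/ && /--physdev-is-bridged/ && /-j ACCEPT/) decided = "accept"
            else if (/^-A FORWARD -j (DROP|REJECT)/) decided = "blocked"
        }
        END {
            if (!decided) decided = (policy == "DROP") ? "blocked" : "default-accept"
            print decided
        }'
}

# audit_bridge_filtering SYSCTL_TEXT RULES_TEXT: print one verdict word.
audit_bridge_filtering() {
    if ! nf_call_enabled "$1" net.bridge.bridge-nf-call-iptables; then
        echo "bypasses-iptables"      # bridged frames are never shown to iptables
    else
        echo "iptables-$(forward_verdict "$2")"
    fi
}

# Constructed sample inputs (not captured from a real host): the ACCEPT rule
# was appended below the catch-all REJECT, so bridged frames are still rejected.
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-iptables = 1'
SAMPLE_RULES=':FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

audit_bridge_filtering "$SAMPLE_SYSCTL" "$SAMPLE_RULES"
```
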
