SCIENTIFIC-LINUX-USERS Archives

July 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: kvm bridge broadcast traffic
From:
Andras Horvath <[log in to unmask]>
Reply To:
Andras Horvath <[log in to unmask]>
Date:
Thu, 31 Jul 2014 21:04:54 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (44 lines) 
I've changed the network card and magically everything is working as expected.

Thanks for all the suggestions though.

Andras


On Thu, 31 Jul 2014 12:31:31 -0400
R P Herrold <[log in to unmask]> wrote:

> > > On my 6.5 x64 system my bridged KVM guests (several kind 
> > > of Windows and
> > many kind of Linux guests) do not get the broadcast messages. Every network
> > packets reach them from the subnet except broadcast and multicast messages.
> > How can that be?
> 
> My desk notes indicate we do this locally, so we can see 
> messaged transit iptables:
> 
> 	  Next we have to make sure that network traffic going across 
> 	the bridge(s) can be filtered. So...
> 
>     cat >> /etc/sysctl.conf <<EOF
>     net.bridge.bridge-nf-call-ip6tables = 1
>     net.bridge.bridge-nf-call-iptables = 1
>     net.bridge.bridge-nf-call-arptables = 1
>     EOF
>     sysctl -p /etc/sysctl.conf
> 
> 
> and in iptables this rule 
> 
> 	-A FORWARD -m physdev  --physdev-is-bridged -j ACCEPT
> 
> and ip6tables
> 
> 	-A RH-Firewall-1-INPUT -m physdev  --physdev-is-bridged -j ACCEPT
> 
> 
> As I recall the need to do this is documented, but obscure, 
> involving ebtables and iptables (ip6tables)
> 
> -- Russ herrold

ATOM RSS1 RSS2