WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] iptables filtering when bridging

from [Mark McLoughlin] [Permanent Link][Original]
To: David <big.raiders.fan@xxxxxxxxx>
Subject: Re: [Xen-devel] iptables filtering when bridging
From: Mark McLoughlin <markmc@xxxxxxxxxx>
Date: Thu, 10 May 2007 08:38:52 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 10 May 2007 00:37:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <60cf56040705090704g3c2775dct4718a6e94a428c21@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Red Hat Ltd. Registered Address: Red Hat Ltd, Brian O' Donnell and Partners, 62 Merrion Square, Dublin 2, Ireland. Registered in the Companies Registration Office, Parnell House, 14 Parnell Square, Dublin 1, Ireland, at No. 304873 Directors: Charlie Peters (USA), Michael Cunningham (USA), Matt Parson (USA), Brendan Lane
References: <60cf56040705090704g3c2775dct4718a6e94a428c21@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

On Wed, 2007-05-09 at 10:04 -0400, David wrote:

>   Based on http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png,
> the packet appears to be going the right way, but I can't make it go
> any further.
> 
> Is it possible to have the packets go through the iptables Filter
> tables in Dom0? 

        Yep, packets should be going through iptables as they traverse the
bridge in Dom0 (as the diagram shows), unless it's explicitly disabled.
What does:

  $> sysctl net.bridge.bridge-nf-call-iptables

        show? (It should be "1")

Cheers,
Mark.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] fair scheduling, Harry Smith
Next by Date:  Re: [Xen-devel] fair scheduling, Atsushi SAKAI
Previous by Thread:  [Xen-devel] iptables filtering when bridging, David
Next by Thread:  Re: [Xen-devel] iptables filtering when bridging, David
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy