|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] ebtables tying mac to ip problem
On Fri, Apr 3, 2009 at 6:22 PM, Rafał Kupka <rkupka+Listy.Xen@xxxxxxxxxxxxx> wrote:
On Fri, Apr 03, 2009 at 06:04:29PM +0100, David wrote:
Hi,
> Unfortunately i still cant get it to work. it seems to be a problem with
> /sbin/ebtables -P FORWARD DROP
Could you provide some ebtables logs?
> if i change this to /sbin/ebtables -P FORWARD then it starts working again
> but i can change ip address etc on the guest
There have to be DROP policy on the end of chain (or similar DROP rule).
It's preventing malicious traffic. All "good" network packets should hit
some ACCEPT rule before reaching end of FORWARD/INPUT chain.
> Does the vif-bridge patch still apply for this setup?
Yes.
> Will i start from scratch and try to build up a set of rules for this
> situation? i'm sure this will fit into most xen networking situations as
> this setup is popular.
Sounds useful.
Ha, well i don't even know where to start.
Any pointers? :)
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|