WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] iptables filtering when bridging

from [David] [Permanent Link][Original]
To: "Mark McLoughlin" <markmc@xxxxxxxxxx>
Subject: Re: [Xen-devel] iptables filtering when bridging
From: David <big.raiders.fan@xxxxxxxxx>
Date: Thu, 10 May 2007 09:35:44 -0400
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 10 May 2007 06:34:06 -0700
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=g1Qin05DBkfpAHsTPmCbfF4q6S+nT/6z/Q9lctI2OQG2gndypTQhE87ZvE2vB6IUMy2AsXAVP/6Fr+xARdEHR/p9TJchD8qNv7ztQxRjZsyRpZKLO+gLwOg/EYtkRXqS3JuvsBf2wWaDBvi4J6AwwrNYJ23IW2lrZ9Yr2LsyPRY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=P6xgBDocScfVRj997rZ7pvGOTNZDlsPgaqLDDzZUNt1cG/pVnWYLHNvf8fPPq4YfP1lXCi34Yc1jZf4v61kJToV8rcJ5Y484C6qVjWpJcmt5LKIi+7I9FED3+lnsj3NoOfFPgpl6WIaPXiiepEDDc02DsyMt/4Mm0hhTK/UAAVI=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1178782732.3587.4.camel@blaa>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <60cf56040705090704g3c2775dct4718a6e94a428c21@xxxxxxxxxxxxxx> <1178782732.3587.4.camel@blaa>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx


On 5/10/07, Mark McLoughlin <markmc@xxxxxxxxxx> wrote:
Hi,

On Wed, 2007-05-09 at 10:04 -0400, David wrote:

>   Based on http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png,
> the packet appears to be going the right way, but I can't make it go
> any further.
>
> Is it possible to have the packets go through the iptables Filter
> tables in Dom0?

        Yep, packets should be going through iptables as they traverse the
bridge in Dom0 (as the diagram shows), unless it's explicitly disabled.
What does:

  $> sysctl net.bridge.bridge-nf-call-iptables

        show? (It should be "1")


It is showing "1".   Based on my iptables logging, I do see the packet going through iptables' Magle and Nat Prerouting chains.  It then goes into ebtables' Filter Input chain, and then there is no more logging.


Thanks,
David
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] Xrenstore and many save/restore cycles..., Petersson, Mats
Next by Date:  RE: [Xen-devel] Xrenstore and many save/restore cycles..., Petersson, Mats
Previous by Thread:  Re: [Xen-devel] iptables filtering when bridging, Mark McLoughlin
Next by Thread:  [Xen-devel] Will xen support MIPS?, lego luo
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy