* iptables issue
@ 2005-08-17 23:01 Arun Sharma
0 siblings, 0 replies; 3+ messages in thread
From: Arun Sharma @ 2005-08-17 23:01 UTC (permalink / raw)
To: xen-devel
This line in network-brige script fails for me:
# iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT
iptables: No chain/target/match by that name
$ grep CONFIG_IP_NF_MATCH_PHYSDEV *
xen0_defconfig_x86_32:# CONFIG_IP_NF_MATCH_PHYSDEV is not set
xen0_defconfig_x86_64:# CONFIG_IP_NF_MATCH_PHYSDEV is not set
xen_defconfig_x86_32:CONFIG_IP_NF_MATCH_PHYSDEV=m
xen_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m
xenU_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m
As a result, packets don't get forwarded between eth0 and xen-br0.
-Arun
^ permalink raw reply [flat|nested] 3+ messages in thread* RE: iptables issue
@ 2005-08-17 23:13 Ian Pratt
2005-08-17 23:14 ` Arun Sharma
0 siblings, 1 reply; 3+ messages in thread
From: Ian Pratt @ 2005-08-17 23:13 UTC (permalink / raw)
To: Arun Sharma, xen-devel
> This line in network-brige script fails for me:
>
> # iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT
> iptables: No chain/target/match by that name
You must have antispoof set to true to exercise that path in the script.
I've now enabled MATCH_PHYSDEV in the 32 and 64 bit xen0 kernels.
Thanks,
Ian
> $ grep CONFIG_IP_NF_MATCH_PHYSDEV *
> xen0_defconfig_x86_32:# CONFIG_IP_NF_MATCH_PHYSDEV is not set
> xen0_defconfig_x86_64:# CONFIG_IP_NF_MATCH_PHYSDEV is not set
> xen_defconfig_x86_32:CONFIG_IP_NF_MATCH_PHYSDEV=m
> xen_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m
> xenU_defconfig_x86_64:CONFIG_IP_NF_MATCH_PHYSDEV=m
>
> As a result, packets don't get forwarded between eth0 and xen-br0.
>
> -Arun
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: iptables issue
2005-08-17 23:13 Ian Pratt
@ 2005-08-17 23:14 ` Arun Sharma
0 siblings, 0 replies; 3+ messages in thread
From: Arun Sharma @ 2005-08-17 23:14 UTC (permalink / raw)
To: Ian Pratt; +Cc: xen-devel
Ian Pratt wrote:
>>This line in network-brige script fails for me:
>>
>> # iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT
>> iptables: No chain/target/match by that name
>
>
> You must have antispoof set to true to exercise that path in the script.
It was on by default.
> I've now enabled MATCH_PHYSDEV in the 32 and 64 bit xen0 kernels.
Thanks, it fixes networking for VMX domains.
-Arun
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-08-17 23:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-08-17 23:01 iptables issue Arun Sharma
-- strict thread matches above, loose matches on Subject: below --
2005-08-17 23:13 Ian Pratt
2005-08-17 23:14 ` Arun Sharma
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.