[CentOS-virt] KVM with bridge in one interface
James B. Byrne
byrnejb at harte-lyne.ca
Fri Jun 25 17:09:00 EDT 2010
I am having a couple of iptables issues with this type of setup
myself. The RH manual says to insert a rule into the FORWARD chain
like this:
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
However, for the host does this not mean that every packet is
accepted? As far as I can discern from the documentation, when one
sets up a physically bridged network on a kvm host then every packet
arrives across the bridge interface and, insofar as the host is
concerned, anything that it does not originate itself is forwarded.
I may be wrong on this, but the behaviour of my ssh filters since
putting that command in the FORWARD chain indicates that something
along those lines is occurring. The i/f eth0 seems to have no
relevance to iptables rules for the host instance.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
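
An added example, not part of the original post: a small audit that reads iptables-save style rules and flags FORWARD rules which accept every bridged packet with no further match, as the rule quoted in the message does. The function name, the list of narrowing options and the sample ruleset (including the interface names br0 and vnet0) are constructed for illustration.

```python
import shlex

# Options that restrict a rule beyond "any bridged packet" (assumed, not exhaustive).
NARROWING = {"-i", "--in-interface", "-o", "--out-interface", "-s", "--source",
             "-d", "--destination", "-p", "--protocol", "--physdev-in",
             "--physdev-out", "--dport", "--sport", "--state", "--ctstate"}

def find_broad_bridged_accepts(ruleset):
    """Return (line_no, rule) for filter/FORWARD rules that ACCEPT all bridged packets."""
    findings = []
    table = "filter"                      # bare fragments are treated as the filter table
    for no, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):          # "*filter", "*nat", ... starts a table
            table = line[1:]
            continue
        if table != "filter" or not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        if tok[1] != "FORWARD" or "--physdev-is-bridged" not in tok:
            continue
        idx = tok.index("--physdev-is-bridged")
        if tok[idx - 1] == "!":           # negated match is not a blanket accept
            continue
        target = None
        for flag in ("-j", "--jump"):
            if flag in tok and tok.index(flag) + 1 < len(tok):
                target = tok[tok.index(flag) + 1]
        if target == "ACCEPT" and NARROWING.isdisjoint(tok):
            findings.append((no, line))
    return findings

# Constructed sample in iptables-save format; br0 and vnet0 are made-up names.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i br0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged --physdev-in vnet0 -p tcp --dport 80 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for no, rule in find_broad_bridged_accepts(SAMPLE):
        print(f"line {no}: unrestricted bridged ACCEPT: {rule}")
```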