[CentOS] [CentOS-virt] KVM with bridge in one interface

Fri Jun 25 20:49:38 UTC 2010
James B. Byrne <byrnejb at harte-lyne.ca>

I am having a couple of iptables issues with this type of setup
myself.  The RH manual says to insert a rule into the FORWARD chain
like this:

-A FORWARD -m physdev --physdev-is-bridged  -j ACCEPT

However, for the host does this not mean that every packet is
accepted.  As far as I can discern from the documentation, when one
sets up a physically bridged network on a kvm host then every packet
arrives across the bridge interface and, insofar as the host is
concerned, anything that it does not orginate itself is forwarded.

I may be wrong on this, but the behaviour of my ssh filters since
putting that command in the FORWARD chain indicates that something
along those lines is occurring.  The i/f eth0 seems to have no
relevence to iptables rules for the host instance.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3