Hi
this is my bridge structure
=========================================
brctl show
bridge name bridge id STP enabled interfaces
*br0* 8000.0023aea32e26 no *eth0*
*tapxp*
=========================================
I tunneled a tapxp for my xp virtual machine.
host is centos 6 using eth0
eth0 & tapxp are under bridge *br0 *and they work well.
I wish to open 22 for host 80 for xp to outside.
others to the outside are blocked.
but I also wanna constrict nothing between *host* and *xp*
now for host it's OK to open 22 and others are blocked.
and I just want to open the connection between host and xp now.
I tried the following command ....
==========================================================================
iptables -A OUTPUT -s argent -m physdev --physdev-in tapxp -j ACCEPT
iptables -A OUTPUT -s argent -m policy --dir out --mode tunnel --tunnel-dst
172.18.16.0/21 -j ACCEPT
iptables -A OUTPUT -j LOG --log-tcp-sequence --log-level debug --log-prefix
'OUTPUT:'
==========================================================================
but failed by logging this
================================================================
6381 Aug 8 15:45:04 argent kernel: OUTPUT:IN= OUT=br0 SRC=172.18.22.188
DST=172.18.22.180 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54323 DF PROTO=TCP
SPT=52595 DPT=3389 SEQ=1304299590 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
================================================================
from this log, I think it should in the *OUTPUT* chain, not *FORWARD*
but why could I open it?
1) is there a much more verbose log could be used, or could be opened.
2) how to solve this?
thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110808/65be09f1/attachment-0004.html>