Re: [I] Multicast traffic problem [cloudstack]

via GitHub Thu, 05 Oct 2023 01:43:31 -0700


alamintech commented on issue #7961:
URL: https://github.com/apache/cloudstack/issues/7961#issuecomment-1748391784


   [root@kvm ~]# iptables-save
   # Generated by iptables-save v1.8.4 on Thu Oct  5 14:12:15 2023
   *raw
   :PREROUTING ACCEPT [5182138:20322138213]
   :OUTPUT ACCEPT [913654:448793991]
   COMMIT
   # Completed on Thu Oct  5 14:12:15 2023
   # Generated by iptables-save v1.8.4 on Thu Oct  5 14:12:15 2023
   *filter
   :INPUT ACCEPT [595195:4335269819]
   :FORWARD ACCEPT [0:0]
   :OUTPUT ACCEPT [913654:448794023]
   :s-1-VM - [0:0]
   :BF-cloudbr0 - [0:0]
   :BF-cloudbr0-OUT - [0:0]
   :BF-cloudbr0-IN - [0:0]
   :v-2-VM - [0:0]
   :r-4-VM - [0:0]
   :i-2-3-VM - [0:0]
   :i-2-3-VM-eg - [0:0]
   :i-2-3-def - [0:0]
   :i-2-5-VM - [0:0]
   :i-2-5-VM-eg - [0:0]
   :i-2-5-def - [0:0]
   -A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
   -A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
   -A INPUT -p tcp -m tcp --dport 16514 -j ACCEPT
   -A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
   -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
   -A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
   -A FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
   -A FORWARD -o cloudbr0 -j DROP
   -A FORWARD -i cloudbr0 -j DROP
   -A s-1-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
   -A s-1-VM -m physdev --physdev-in vnet1 --physdev-is-bridged -j RETURN
   -A s-1-VM -j ACCEPT
   -A BF-cloudbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
   -A BF-cloudbr0 -m physdev --physdev-is-in --physdev-is-bridged -j 
BF-cloudbr0-IN
   -A BF-cloudbr0 -m physdev --physdev-is-out --physdev-is-bridged -j 
BF-cloudbr0-OUT
   -A BF-cloudbr0 -m physdev --physdev-out ens9f0np0 --physdev-is-bridged -j 
ACCEPT
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet2 --physdev-is-bridged -j 
s-1-VM
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet1 --physdev-is-bridged -j 
s-1-VM
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet4 --physdev-is-bridged -j 
v-2-VM
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet5 --physdev-is-bridged -j 
v-2-VM
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet6 --physdev-is-bridged -j 
r-4-VM
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet8 --physdev-is-bridged -j 
i-2-3-def
   -A BF-cloudbr0-OUT -m physdev --physdev-out vnet9 --physdev-is-bridged -j 
i-2-5-def
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet2 --physdev-is-bridged -j 
s-1-VM
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet1 --physdev-is-bridged -j 
s-1-VM
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet4 --physdev-is-bridged -j 
v-2-VM
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet5 --physdev-is-bridged -j 
v-2-VM
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet6 --physdev-is-bridged -j 
r-4-VM
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet8 --physdev-is-bridged -j 
i-2-3-def
   -A BF-cloudbr0-IN -m physdev --physdev-in vnet9 --physdev-is-bridged -j 
i-2-5-def
   -A v-2-VM -m physdev --physdev-in vnet4 --physdev-is-bridged -j RETURN
   -A v-2-VM -m physdev --physdev-in vnet5 --physdev-is-bridged -j RETURN
   -A v-2-VM -j ACCEPT
   -A r-4-VM -m physdev --physdev-in vnet6 --physdev-is-bridged -j RETURN
   -A r-4-VM -j ACCEPT
   -A i-2-3-VM -m state --state NEW -j ACCEPT
   -A i-2-3-VM -j DROP
   -A i-2-3-VM-eg -m state --state NEW -j RETURN
   -A i-2-3-VM-eg -j DROP
   -A i-2-3-def -m state --state RELATED,ESTABLISHED -j ACCEPT
   -A i-2-3-def -p udp -m physdev --physdev-in vnet8 --physdev-is-bridged -m 
udp --sport 68 --dport 67 -j ACCEPT
   -A i-2-3-def -p udp -m physdev --physdev-out vnet8 --physdev-is-bridged -m 
udp --sport 67 --dport 68 -j ACCEPT
   -A i-2-3-def -p udp -m physdev --physdev-in vnet8 --physdev-is-bridged -m 
udp --sport 67 -j DROP
   -A i-2-3-def -m physdev --physdev-in vnet8 --physdev-is-bridged -m set ! 
--match-set i-2-3-VM src -j DROP
   -A i-2-3-def -m physdev --physdev-out vnet8 --physdev-is-bridged -m set ! 
--match-set i-2-3-VM dst -j DROP
   -A i-2-3-def -p udp -m physdev --physdev-in vnet8 --physdev-is-bridged -m 
set --match-set i-2-3-VM src -m udp --dport 53 -j RETURN
   -A i-2-3-def -p tcp -m physdev --physdev-in vnet8 --physdev-is-bridged -m 
set --match-set i-2-3-VM src -m tcp --dport 53 -j RETURN
   -A i-2-3-def -m physdev --physdev-in vnet8 --physdev-is-bridged -m set 
--match-set i-2-3-VM src -j i-2-3-VM-eg
   -A i-2-3-def -m physdev --physdev-out vnet8 --physdev-is-bridged -j i-2-3-VM
   -A i-2-5-VM -m state --state NEW -j ACCEPT
   -A i-2-5-VM -j DROP
   -A i-2-5-VM-eg -m state --state NEW -j RETURN
   -A i-2-5-VM-eg -j DROP
   -A i-2-5-def -m state --state RELATED,ESTABLISHED -j ACCEPT
   -A i-2-5-def -p udp -m physdev --physdev-in vnet9 --physdev-is-bridged -m 
udp --sport 68 --dport 67 -j ACCEPT
   -A i-2-5-def -p udp -m physdev --physdev-out vnet9 --physdev-is-bridged -m 
udp --sport 67 --dport 68 -j ACCEPT
   -A i-2-5-def -p udp -m physdev --physdev-in vnet9 --physdev-is-bridged -m 
udp --sport 67 -j DROP
   -A i-2-5-def -m physdev --physdev-in vnet9 --physdev-is-bridged -m set ! 
--match-set i-2-5-VM src -j DROP
   -A i-2-5-def -m physdev --physdev-out vnet9 --physdev-is-bridged -m set ! 
--match-set i-2-5-VM dst -j DROP
   -A i-2-5-def -p udp -m physdev --physdev-in vnet9 --physdev-is-bridged -m 
set --match-set i-2-5-VM src -m udp --dport 53 -j RETURN
   -A i-2-5-def -p tcp -m physdev --physdev-in vnet9 --physdev-is-bridged -m 
set --match-set i-2-5-VM src -m tcp --dport 53 -j RETURN
   -A i-2-5-def -m physdev --physdev-in vnet9 --physdev-is-bridged -m set 
--match-set i-2-5-VM src -j i-2-5-VM-eg
   -A i-2-5-def -m physdev --physdev-out vnet9 --physdev-is-bridged -j i-2-5-VM
   COMMIT
   # Completed on Thu Oct  5 14:12:15 2023
   # Generated by iptables-save v1.8.4 on Thu Oct  5 14:12:15 2023
   *nat
   :PREROUTING ACCEPT [6464:506599]
   :INPUT ACCEPT [2469:156500]
   :POSTROUTING ACCEPT [11120:744935]
   :OUTPUT ACCEPT [7426:413470]
   COMMIT
   # Completed on Thu Oct  5 14:12:15 2023
   # Generated by iptables-save v1.8.4 on Thu Oct  5 14:12:15 2023
   *mangle
   :PREROUTING ACCEPT [5182144:20322138417]
   :INPUT ACCEPT [712195:4345441269]
   :FORWARD ACCEPT [4495090:15978470369]
   :OUTPUT ACCEPT [913688:448796727]
   :POSTROUTING ACCEPT [5403355:16426889245]
   COMMIT
   # Completed on Thu Oct  5 14:12:15 2023
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [I] Multicast traffic problem [cloudstack]

Reply via email to