On 06/17/2010 11:01 AM, Aleksander Trofimowicz wrote:
Hello,

I'm just wondering why I can't manage my network interfaces through
libvirt when the following kernel parameters are turned on:

net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables

Is it a bug or by design?

There should be no problems with this. The only place any of these are used in netcf is that net.bridge.bridge-nf-call-iptables is checked at one point, and if it's set to 1, an attempt is made to assure traffic can pass through all the bridges by parsing /etc/sysconfig/iptables and adding appropriate rules (see the function bridge_physdevs() in netcf if you're into looking at source code).

One thing that has shown up recently is that when bridge-nf-call-iptables is 1, if /etc/sysconfig/iptables is empty or malformed, netcf will fail to initialize. There have been a couple of bugs filed against RHEL for this, but they haven't yet been cloned upstream. Just to verify this is actually the problem, can you check your /etc/sysconfig/iptables to see if it is 0 length (and if so, put some basic rules in and try again)?


_______________________________________________
libvirt-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/libvirt-users
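
The check the reply asks for, as an added shell example (not netcf code and not part of the original message): it reports whether bridge-nf-call-iptables is 1 while /etc/sysconfig/iptables is empty or lacks a matching `*table`/`COMMIT` pair. The function name, its return codes and the structural test used for "malformed" are assumptions made here; netcf's own parser may accept or reject files differently.

```shell
#!/bin/sh
# Added diagnostic sketch, not netcf code. Paths are parameters so the
# function can be pointed at a test tree; defaults are the locations
# named in the thread.
#
# check_netcf_iptables [SYSCTL_DIR] [RULES_FILE]
# Prints one status word and returns:
#   0 ok         flag is not 1, or the rules file looks structurally sane
#   1 empty      flag is 1 and the rules file is missing or zero length
#   2 malformed  flag is 1 and the file fails the structural check below
check_netcf_iptables() {
    sysctl_dir=${1:-/proc/sys/net/bridge}
    rules=${2:-/etc/sysconfig/iptables}
    flag_file="$sysctl_dir/bridge-nf-call-iptables"

    # Per the reply, netcf only parses the rules file when the flag is 1.
    # A missing flag file (bridge module not loaded) is treated as 0.
    flag=0
    [ -r "$flag_file" ] && flag=$(cat "$flag_file")
    if [ "$flag" != "1" ]; then echo ok; return 0; fi

    # Zero-length or absent file: the failure case described in the reply.
    if [ ! -s "$rules" ]; then echo empty; return 1; fi

    # Assumption: "malformed" is approximated by the iptables-save layout.
    # Every "*table" line must be closed by COMMIT, and no rule line may
    # appear outside a table. Comments and blank lines are ignored.
    awk '
        /^[ \t]*(#|$)/    { next }
        /^\*/             { if (intbl) bad = 1; intbl = 1; tables++; next }
        /^COMMIT[ \t]*$/  { if (!intbl) bad = 1; intbl = 0; next }
        !intbl            { bad = 1 }
        END               { exit (bad || intbl || tables == 0) ? 1 : 0 }
    ' "$rules" || { echo malformed; return 2; }

    echo ok; return 0
}

# Usage on a live host (reads only): check_netcf_iptables
```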
