On Mon, Sep 14, 2015 at 4:33 AM, Tom Eastep <[email protected]> wrote:
> Shell# ip link add name ${iface} ${macaddr} type bridge
> > Shell# ip link set dev ${iface} up promisc on
>
> That's the problem....
>
> > Shell# brctl setfd ${iface} 2
>
Dear dear dear! I've solved the problem and it was a really NASTY one! Now,
it works perfectly as expected without the promiscous mode but it took me 2
straight hours of fiddling here and there to narrow down the culprit!
It was the way the bridge was created! There's a subtle but really nasty
bug with "ip" command.
As I was doing :
Shell# ip link add name vbridge address 00:11:22:33:44:55 type bridge
Shell# ip link set dev vbridge up
=> Host can't ping/reach the LXC as well as LXC can't ping/reach Host.
Now...
Shell# ip link add name vbridge type bridge (or : brctl addbr vbridge)
Shell# ip link set dev vbridge address 00:11:22:33:44:55 up
=> Everything works fine!
See the subtlety? Setting the MAC address WHILE creating the bridge
triggers some sort of side effect :-(
Anyway, thank you! Because without you insisting on the uselessness of
promiscous mode for this setup, I wouldn't have gone deeper on the matter.
--
ObNox
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
