Ubuntu 10.04.1.  Both of the above workarounds are not working for me.

I can connect to my server if ufw is disabled with "ufw disable".  But
as soon as I turn on ufw, I cannot connect to it.  I have bridged
networking.  (I use this server for both KVM and LXC, but during testing
I turned off all KVM VMs and LXC containers.)


# On the server:
root@cst6:~# ufw disable
Firewall stopped and disabled on system startup
root@cst6:~# tail -n 3 /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
root@cst6:~# sysctl -p /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
root@cst6:~# tail -n 2 /etc/ufw/before.rules 
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
root@cst6:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@cst6:~# 

# Then I get filtered on my laptop:
derek@derek-laptop:~$ telnet cst6 22
Trying 192.168.2.13...
telnet: Unable to connect to remote host: Connection timed out
derek@derek-laptop:~$

I can see the packets getting filtered in the server /var/log/messages.
(192.168.2.10 is the laptop, .2.16 is the server:)

Apr  9 15:53:46 cst6 kernel: [ 1833.009899] [UFW BLOCK] IN=br0 OUT=
MAC=94:0c:6d:bc:no:no:no:no:no:no:no:no:no:no SRC=192.168.2.10
DST=192.168.2.13 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52607 DF PROTO=TCP
SPT=41819 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

The other UFW is default.  I have two bridges, br0 and br1.  The one I'm
playing with, br0, is DHCP (not that it matters).

Any other solutions?  I've looked at my rules with iptables -L but I
don't see anything weird.

This is not specific to KVM or libvirt, I don't think.  I've taken KVM
out of the picture.  Any help is appreciated.


** Changed in: ufw (Ubuntu)
       Status: Invalid => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/573461

Title:
  UFW blocks libvirt bridged traffic

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
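
An added example, not part of the original message or of ufw: a shell function that reads netfilter log text such as the [UFW BLOCK] entry quoted above and reports which hook logged each packet, using the IN= and OUT= fields. An entry with IN set and OUT empty was logged on the INPUT path (traffic addressed to the host itself), while routed or bridged traffic in FORWARD carries both. The helper names `ufw_block_hook` and `sample_log` and the second sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which netfilter hook logged each [UFW ...] entry.
# ufw_block_hook and sample_log are hypothetical helper names, not part of ufw.

ufw_block_hook() {
    awk '
    # Value of KEY= inside one log entry ("" when empty or absent).
    function field(e, key,    n, i, tok) {
        n = split(e, tok, " ")
        for (i = 1; i <= n; i++)
            if (index(tok[i], key "=") == 1)
                return substr(tok[i], length(key) + 2)
        return ""
    }
    # IN set, OUT empty: INPUT (addressed to the host itself).
    # IN and OUT set:    FORWARD (routed, or bridged when PHYSIN/PHYSOUT appear).
    # Only OUT set:      OUTPUT (generated by the host).
    function report(e,    i, o, hook) {
        if (e == "") return
        i = field(e, "IN"); o = field(e, "OUT")
        hook = (i != "" && o == "") ? "INPUT" : (i != "" ? "FORWARD" : (o != "" ? "OUTPUT" : "UNKNOWN"))
        printf "%s in=%s out=%s src=%s dst=%s proto=%s dpt=%s\n", hook,
            (i == "" ? "-" : i), (o == "" ? "-" : o),
            field(e, "SRC"), field(e, "DST"), field(e, "PROTO"), field(e, "DPT")
    }
    # Mail and pagers wrap long log lines: glue continuation lines back on.
    index($0, "[UFW ")  { report(entry); entry = $0; next }
    /^[ \t]*$/          { report(entry); entry = ""; next }
    entry != ""         { entry = entry " " $0 }
    END                 { report(entry) }
    '
}

sample_log() {
    # First entry is the one quoted in the message (wrapped as it was mailed);
    # the second is constructed to show a bridged, forwarded packet.
    cat <<'EOF'
Apr  9 15:53:46 cst6 kernel: [ 1833.009899] [UFW BLOCK] IN=br0 OUT=
MAC=94:0c:6d:bc:no:no:no:no:no:no:no:no:no:no SRC=192.168.2.10
DST=192.168.2.13 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52607 DF PROTO=TCP
SPT=41819 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Apr  9 15:54:02 cst6 kernel: [ 1849.120000] [UFW BLOCK] IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=vnet0 SRC=192.168.2.10 DST=192.168.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=41820 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

sample_log | ufw_block_hook
```

On a live host the same function can be fed from the kernel log, for example `grep 'UFW BLOCK' /var/log/messages | ufw_block_hook`.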
