Oleg wrote:
> On Fri, Feb 04, 2011 at 03:54:20PM +0100, Pascal Hambourg wrote:
>>
>>> Any ideas?
>> Yes, one: just another case of undesirable interaction between bridge
>> and netfilter (aka bridge-netfilter). [...]
>> Setting sysctl net.bridge.bridge-nf-call-iptables=0 to disable passing
>> bridged packets to netfilter should fix the problem.
>
> Thanks a lot! Good explanation. I completely forgot about bridge-nf-* vars.

Another option may be to use a virtual network between virtual machines instead of a bridge, so the host does not see the traffic between them. I don't know whether KVM provides such an option; otherwise VDE (vde2) could be used instead.

Yet another option may be to use a separate network namespace (netns), thus separate conntracks, for the bridge and its virtual interfaces. Don't ask me how to use this.
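
The bridge-nf-* check discussed in this thread, as an added example that is not part of the original messages: a shell sketch that reports which `bridge-nf-call-*` sysctls still hand bridged packets to the host's netfilter and prints the sysctl lines that would turn them off. The function names, the root-directory argument and the status labels are assumptions made for illustration; the sample tree is constructed and stands in for `/proc/sys`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and labels are hypothetical.

# Print one line per bridge-nf-call-* sysctl found under ROOT (default /proc/sys).
bridge_nf_report() {
    root="${1:-/proc/sys}"
    dir="$root/net/bridge"
    if [ ! -d "$dir" ]; then
        # The sysctls are not present: bridge-netfilter code is not loaded.
        echo "absent"
        return 0
    fi
    for name in bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables; do
        file="$dir/$name"
        [ -r "$file" ] || continue
        value=$(cat "$file")
        if [ "$value" = "0" ]; then
            # Host rules and conntrack no longer see this bridged traffic.
            echo "$name=0 bypasses-host-netfilter"
        else
            echo "$name=$value filtered-by-host"
        fi
    done
}

# Count the hooks that still pass bridged packets to netfilter.
bridge_nf_enabled_count() {
    bridge_nf_report "$1" | grep -c 'filtered-by-host$' || true
}

# Emit sysctl.conf-style lines that would disable the hooks still enabled.
bridge_nf_disable_lines() {
    bridge_nf_report "$1" |
        sed -n 's/^\(bridge-nf-call-[a-z0-9]*\)=.* filtered-by-host$/net.bridge.\1 = 0/p'
}

# Constructed sample tree standing in for /proc/sys (not real host data).
demo=$(mktemp -d)
mkdir -p "$demo/net/bridge"
echo 1 > "$demo/net/bridge/bridge-nf-call-iptables"
echo 0 > "$demo/net/bridge/bridge-nf-call-ip6tables"
echo 1 > "$demo/net/bridge/bridge-nf-call-arptables"

bridge_nf_report "$demo"
bridge_nf_disable_lines "$demo"
```

With a hook set to 0, the host's iptables rules stop applying to traffic bridged between the virtual machines, so any filtering that relied on them has to be provided elsewhere.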