Oleg a écrit :
> On Sat, Feb 05, 2011 at 12:57:16PM +0100, Pascal Hambourg wrote:
>>
>> Another option may be to use a virtual network between virtual machines
>> instead of a bridge, so the host does not see the traffic between them.
>> I don't know whether KVM provides such option, otherwise VDE
On Sat, Feb 05, 2011 at 12:57:16PM +0100, Pascal Hambourg wrote:
> Oleg a ?crit :
> > On Fri, Feb 04, 2011 at 03:54:20PM +0100, Pascal Hambourg wrote:
> >>
> >>> Any ideas?
> >> Yes, one : just another case of undesirable interaction between bridge
> >> and netfilter (aka bridge-netfilter).
> [.
Oleg a écrit :
> On Fri, Feb 04, 2011 at 03:54:20PM +0100, Pascal Hambourg wrote:
>>
>>> Any ideas?
>> Yes, one : just another case of undesirable interaction between bridge
>> and netfilter (aka bridge-netfilter).
[...]
>> Setting sysctl net.bridge.bridge-nf-call-iptables=0 to disable passing
>
On Fri, Feb 04, 2011 at 03:54:20PM +0100, Pascal Hambourg wrote:
> Hello,
>
> Oleg a ?crit :
> >
> > INET <-- (eth0)[host](tap0) <-- [kvm1] <-- [kvm2]
> >
> > host:~# iptables-save
> > # Generated by iptables-save v1.4.10 on Thu Feb 3 15:53:45 2011
> > *nat
> > :PREROUTING ACCEPT [158:19117]
Hello,
Oleg a écrit :
>
> INET <-- (eth0)[host](tap0) <-- [kvm1] <-- [kvm2]
>
> host:~# iptables-save
> # Generated by iptables-save v1.4.10 on Thu Feb 3 15:53:45 2011
> *nat
> :PREROUTING ACCEPT [158:19117]
> :INPUT ACCEPT [142:17947]
> :OUTPUT ACCEPT [1273:77619]
> :POSTROUTING ACCEPT [23:1
Sorry. I forgot about routes on the host machine:
host:~# ip rou
192.168.100.0/24 dev tap0 proto kernel scope link src 192.168.100.2
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.254
192.168.200.0/24 via 192.168.100.1 dev tap0
default via 192.168.0.1 dev eth0
On Thu, Feb 03, 201
Hi.
I have a strange behaviour of iptables nat. I use several kvm instances on
my host machine in the next configuration:
INET <-- (eth0)[host](tap0) <-- [kvm1] <-- [kvm2]
another view:
INET
^
|
192.168.0.178/24
[host]
192
7 matches
Mail list logo
