|  |  | 
  
    |  |  | 
 
  |   |  | 
  
    |  |  | 
  
    |  |  | 
  
    |   xen-users
Re: [Xen-users] ebtables tying mac to ip problem 
| 
 
 On Fri, Apr 3, 2009 at 6:22 PM, Rafał Kupka <rkupka+Listy.Xen@xxxxxxxxxxxxx>  wrote: 
On Fri, Apr 03, 2009 at 06:04:29PM +0100, David wrote:Hi,
 
 Could you provide some ebtables logs?> Unfortunately i still cant get it to work. it seems to be a problem with
 > /sbin/ebtables -P FORWARD DROP
 
 
 
 There have to be DROP policy on the end of chain (or similar DROP rule).> if i change this to  /sbin/ebtables -P FORWARD  then it starts working again
 > but i can change ip address etc on the guest
 
 
 It's preventing malicious traffic. All "good" network packets should hit
 some ACCEPT rule before reaching end of FORWARD/INPUT chain.
 
 Yes.> Does the vif-bridge patch still apply for this setup?
 
 
 
 Sounds useful.> Will i start from scratch and try to build up a set of rules for this
 > situation? i'm sure this will fit into most xen networking situations as
 > this setup is popular.
 
 
 
 Ha, well i don't even know where to start.
 
 Any pointers? :)
 
 
 
 _______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users | 
 |  | 
  
    |  |  |