xen-devel
Re: [Xen-devel] [PATCH] Re: network-bridge script breaks networkconnecti
On Tue, Jul 11, 2006 at 06:45:01AM +0100, Ian Pratt wrote:
> > This patch configures the bridge to *not* apply iptables filtering. This
> > makes the virtual bridge more like a real bridge (in that ip-layer filter
> > does not happen) and it makes the installation/configuration of xen from
> > sources easier (at least on FC5).
>
> The interaction with host firewall rules has always been a bit icky, not
> least because the xen network scripts typically run after the host's
> firewall scripts (and rename the network device). I've never understood
> what happens to the firewall rules - do they stay with the old eth0 (now
> peth0) or do they now apply to the new device name?

IIRC, interface names in iptables rules are symbolic, so eth0 means whatever
currently stands for eth0.

For what it's worth, I never understood why Xen decides to rename the real
interface or why it tries to manually set the bridge's MAC address.

What I do, on my machines, is use the system's method of bridge
configuration (/etc/sysconfig/network-scripts/ifcfg-xenbr0). That fixed
some problems I had with xen (some instances of connections reset on
xend start and domU unable to talk to other domU on another machine).

--
lfr
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel