Networking problem with firewall and KVM
Lorenzo Milesi
maxxer at ufficyo.com
Thu Dec 13 13:10:59 UTC 2012
> Can you give more details on the host networking setup?
eth0 -> br0
eth2 -> br1
eth0 is connected to the lan interface, eth2 to the modem
> This doesn't make sense to me.
to me neither :)
> Let's say eth1 is the WAN nic which is bridged into br1. Without extra
> iptables rules, traffic from the host is going to flow over eth1 without
> going through the kvm host first, right?
I don't know the details of bridging but yes, it should be that way.
> So we really need to see your whole setup.
/etc/network/interfaces (relevant parts):
auto eth0
iface eth0 inet manual

# Local network
auto br0
iface br0 inet static
    address 192.168.1.xx
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 192.168.1.1 8.8.8.8
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

auto eth2
iface eth2 inet manual

# INTERNET network
auto br1
iface br1 inet manual
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

it's really weird.
I've done similar configuration with Xen in the past and never had problems. It's the first time I'm using Ubuntu 12.
The only difference I left compared to other docs I found online was the standard virbr0 interface, which I have now removed. That caused some iptables rules to be generated, but none was defaulting to reject. And right now, since the rules were removed when I removed the interface, iptables is totally empty.
thanks
--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it