cloudstack-dev mailing list archives

From Marcus Sorensen <shadow...@gmail.com>
Subject Re: iptables rules on hosts
Date Fri, 14 Sep 2012 06:30:39 GMT
Yes, it should be set to 0 if not using security groups, right? Unless I
didn't understand something and security_group.py is called to fix things
up even when you are not using security groups, but I didn't see that
behavior. I just got an empty FORWARD table that rejected all bridge
traffic due to that setting being 1.
On Sep 14, 2012 12:25 AM, "Edison Su" <Edison.su@citrix.com> wrote:

> Security_group.py -> addfwframework will set bridge-nf-call-iptables to 1.
> It should be called when agent starts.
>
> Sent from my iPhone
>
> On Sep 13, 2012, at 11:10 PM, "Marcus Sorensen" <shadowsor@gmail.com>
> wrote:
>
> > Now that I'm not running security groups (VPC), I was running into
> > issues with iptables filtering bridged traffic. I know the easy fixes
> > (iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT  or
> > echo 1 >  /proc/sys/net/bridge/bridge-nf-call-iptables), but in
> > looking through the documentation and the code it doesn't seem like
> > there are any provisions to help. Is there something in the advanced
> > network code that should be doing this if security groups are
> > disabled, or should it be in the install guide?
>

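A way to check on a host how the sysctl and FORWARD chain discussed in this thread combine for bridged guest traffic. This is an added example, not part of the original messages or of CloudStack's code; the function name `bridge_verdict` and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# bridge_verdict NF_VALUE RULES
#   NF_VALUE: contents of /proc/sys/net/bridge/bridge-nf-call-iptables
#   RULES:    output of `iptables -S FORWARD`
# Prints one of: bypass | accept | blocked | other-rules
bridge_verdict() {
    nf=$1
    rules=$2
    policy=ACCEPT
    # With the sysctl at 0, bridged frames never traverse the iptables chains.
    [ "$nf" = "1" ] || { echo bypass; return 0; }
    # Rules are evaluated top to bottom, so the first decisive one wins.
    while IFS= read -r line; do
        case $line in
            "-P FORWARD "*)
                policy=${line#"-P FORWARD "} ;;
            *--physdev-is-bridged*"-j ACCEPT"*)
                echo accept; return 0 ;;
            "-A FORWARD -j DROP"*|"-A FORWARD -j REJECT"*)
                echo blocked; return 0 ;;
        esac
    done <<EOF
$rules
EOF
    # No decisive rule matched: the chain policy decides.
    [ "$policy" = "ACCEPT" ] && echo other-rules || echo blocked
}

# Constructed samples (not captured from a real host).
EMPTY_DROP='-P FORWARD DROP'
WITH_ACCEPT='-P FORWARD DROP
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'
REJECT_FIRST='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

echo "sysctl=1, empty chain, DROP policy: $(bridge_verdict 1 "$EMPTY_DROP")"
echo "sysctl=0, same chain:               $(bridge_verdict 0 "$EMPTY_DROP")"
echo "sysctl=1, physdev ACCEPT rule:      $(bridge_verdict 1 "$WITH_ACCEPT")"
echo "sysctl=1, REJECT ahead of ACCEPT:   $(bridge_verdict 1 "$REJECT_FIRST")"

# On a live host (as root), feed it the real values:
#   bridge_verdict "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables)" \
#                  "$(iptables -S FORWARD)"
```

A result of `other-rules` means no blanket decision was found and the remaining FORWARD rules need to be read by hand.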