cloudstack-users-cn mailing list archives

From "谢福平" <754282...@qq.com>
Subject Host firewall problem
Date Fri, 30 May 2014 07:52:42 GMT
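Environment: CS4.0.2+KVM; a basic-network cluster with two hosts, A and B.
 Operation: after creating a new virtual machine on A, I checked the firewall state: there are chain rules for each of the virtual machines.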
 [root@32 /]# iptables -L -v -n
Chain INPUT (policy ACCEPT 2024K packets, 970M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp
dpt:53 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp
dpt:53 
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp
dpt:67 
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp
dpt:67 
 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 500K  255M BF-cloudbr2  all  --  *      cloudbr2  0.0.0.0/0            0.0.0.0/0        
  PHYSDEV match --physdev-is-bridged 
  127 15619 BF-cloudbr2  all  --  cloudbr2 *       0.0.0.0/0            0.0.0.0/0        
  PHYSDEV match --physdev-is-bridged 
  127 15619 DROP       all  --  *      cloudbr2  0.0.0.0/0            0.0.0.0/0          

    0     0 DROP       all  --  cloudbr2 *       0.0.0.0/0            0.0.0.0/0          

    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state
RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with
icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with
icmp-port-unreachable 
 Chain OUTPUT (policy ACCEPT 2063K packets, 1839M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 Chain BF-cloudbr2 (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 219K  205M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
 281K   50M BF-cloudbr2-IN  all  --  *      *       0.0.0.0/0            0.0.0.0/0       
   PHYSDEV match --physdev-is-in --physdev-is-bridged 
 281K   50M BF-cloudbr2-OUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0      
    PHYSDEV match --physdev-is-out --physdev-is-bridged 
 9660  759K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out eth2 --physdev-is-bridged 
 Chain BF-cloudbr2-IN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  304 91814 r-189-VM   all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet0 --physdev-is-bridged 
    0     0 i-2-188-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet2 --physdev-is-bridged 
25219 2144K i-9-145-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet3 --physdev-is-bridged 
 2225  444K i-8-170-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet4 --physdev-is-bridged 
   89 15736 i-2-151-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet5 --physdev-is-bridged 
  441 50780 i-8-157-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet6 --physdev-is-bridged 
 3688  537K i-4-124-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet7 --physdev-is-bridged 
 3249  211K i-7-158-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-in vnet8 --physdev-is-bridged 
 Chain BF-cloudbr2-OUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
34215 6143K r-189-VM   all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet0 --physdev-is-bridged 
34001 6158K i-2-188-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet2 --physdev-is-bridged 
31479 5924K i-9-145-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet3 --physdev-is-bridged 
33737 6101K i-8-170-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet4 --physdev-is-bridged 
33955 6138K i-2-151-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet5 --physdev-is-bridged 
33985 6154K i-8-157-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet6 --physdev-is-bridged 
33973 6145K i-4-124-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet7 --physdev-is-bridged 
34283 6203K i-7-158-def  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
PHYSDEV match --physdev-out vnet8 --physdev-is-bridged 
 Chain i-2-151-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4749  681K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
 7680 2801K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
   32  1944 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
21468 2645K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-2-151-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   89 15736 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-2-151-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet5 --physdev-is-bridged udp spt:68 dpt:67 
   26  9441 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet5 --physdev-is-bridged udp spt:67 dpt:68 
    0     0 RETURN     udp  --  *      *       10.6.32.33           0.0.0.0/0           PHYSDEV
match --physdev-in vnet5 --physdev-is-bridged udp dpt:53 
   89 15736 i-2-151-VM-eg  all  --  *      *       10.6.32.33           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet5 --physdev-is-bridged 
33929 6129K i-2-151-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet5 --physdev-is-bridged 
 Chain i-2-188-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4788  700K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
 7684 2801K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
   29  1764 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
21474 2646K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-2-188-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-2-188-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet2 --physdev-is-bridged udp spt:68 dpt:67 
   26  9441 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet2 --physdev-is-bridged udp spt:67 dpt:68 
    0     0 RETURN     udp  --  *      *       10.6.32.29           0.0.0.0/0           PHYSDEV
match --physdev-in vnet2 --physdev-is-bridged udp dpt:53 
    0     0 i-2-188-VM-eg  all  --  *      *       10.6.32.29           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet2 --physdev-is-bridged 
33975 6149K i-2-188-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet2 --physdev-is-bridged 
 Chain i-4-124-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4783  689K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
 7676 2800K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
   30  1824 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
21460 2645K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-4-124-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 3662  535K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-4-124-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet7 --physdev-is-bridged udp spt:68 dpt:67 
   24  8718 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet7 --physdev-is-bridged udp spt:67 dpt:68 
   26  1612 RETURN     udp  --  *      *       10.6.32.50           0.0.0.0/0           PHYSDEV
match --physdev-in vnet7 --physdev-is-bridged udp dpt:53 
 3662  535K i-4-124-VM-eg  all  --  *      *       10.6.32.50           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet7 --physdev-is-bridged 
33949 6136K i-4-124-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet7 --physdev-is-bridged 
 Chain i-7-158-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5000  744K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
 7754 2803K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
   30  1824 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
21475 2645K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-7-158-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2605  169K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-7-158-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet8 --physdev-is-bridged udp spt:68 dpt:67 
   24  8718 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet8 --physdev-is-bridged udp spt:67 dpt:68 
  644 41909 RETURN     udp  --  *      *       10.6.32.32           0.0.0.0/0           PHYSDEV
match --physdev-in vnet8 --physdev-is-bridged udp dpt:53 
 2605  169K i-7-158-VM-eg  all  --  *      *       10.6.32.32           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet8 --physdev-is-bridged 
34259 6194K i-7-158-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet8 --physdev-is-bridged 
 Chain i-8-157-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4783  697K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
 7680 2801K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
   29  1764 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
21467 2645K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-8-157-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  441 50780 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-8-157-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet6 --physdev-is-bridged udp spt:68 dpt:67 
   26  9441 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet6 --physdev-is-bridged udp spt:67 dpt:68 
    0     0 RETURN     udp  --  *      *       10.6.32.65           0.0.0.0/0           PHYSDEV
match --physdev-in vnet6 --physdev-is-bridged udp dpt:53 
  441 50780 i-8-157-VM-eg  all  --  *      *       10.6.32.65           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet6 --physdev-is-bridged 
33959 6144K i-8-157-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet6 --physdev-is-bridged 
 Chain i-8-170-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4533  644K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
 7680 2801K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
   30  1824 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
21468 2645K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-8-170-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1960  426K RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp
dpts:1:65535 state NEW 
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp
dpts:1:65535 state NEW 
    0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp
type 255 
   72  2880 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-8-170-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
   12  4128 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet4 --physdev-is-bridged udp spt:68 dpt:67 
   26  9441 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet4 --physdev-is-bridged udp spt:67 dpt:68 
  181 10588 RETURN     udp  --  *      *       10.6.32.25           0.0.0.0/0           PHYSDEV
match --physdev-in vnet4 --physdev-is-bridged udp dpt:53 
 2032  429K i-8-170-VM-eg  all  --  *      *       10.6.32.25           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet4 --physdev-is-bridged 
33711 6091K i-8-170-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet4 --physdev-is-bridged 
 Chain i-9-145-VM (1 references)
 pkts bytes target     prot opt in     out     source               destination         
31453 5915K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-9-145-VM-eg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
21148 1903K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 Chain i-9-145-def (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet3 --physdev-is-bridged udp spt:68 dpt:67 
   26  9441 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet3 --physdev-is-bridged udp spt:67 dpt:68 
 4071  241K RETURN     udp  --  *      *       10.6.32.31           0.0.0.0/0           PHYSDEV
match --physdev-in vnet3 --physdev-is-bridged udp dpt:53 
21148 1903K i-9-145-VM-eg  all  --  *      *       10.6.32.31           0.0.0.0/0        
  PHYSDEV match --physdev-in vnet3 --physdev-is-bridged 
31453 5915K i-9-145-VM  all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-out vnet3 --physdev-is-bridged 
 Chain r-189-VM (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  304 91814 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV
match --physdev-in vnet0 --physdev-is-bridged 
34215 6143K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@32 /]#
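      After creating a new virtual machine on B, I checked the firewall state: there are only chain rules for the newly created virtual machine.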
 [root@32 /]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
 Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
 Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
 Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
 Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    BF-cloudbr2  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged

2    BF-cloudbr2  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged

3    DROP       all  --  0.0.0.0/0            0.0.0.0/0           
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
 Chain BF-cloudbr2 (2 references)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

2    BF-cloudbr2-IN  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-in
--physdev-is-bridged 
3    BF-cloudbr2-OUT  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-out
--physdev-is-bridged 
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out
eth2 --physdev-is-bridged 
 Chain BF-cloudbr2-IN (1 references)
num  target     prot opt source               destination         
1    i-2-217-def  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in
vnet6 --physdev-is-bridged 
 Chain BF-cloudbr2-OUT (1 references)
num  target     prot opt source               destination         
1    i-2-217-def  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out
vnet6 --physdev-is-bridged 
 Chain i-2-217-VM (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:1:65535 state NEW

2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1:65535 state NEW

3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255 
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 Chain i-2-217-VM-eg (1 references)
num  target     prot opt source               destination         
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
 Chain i-2-217-def (2 references)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in
vnet6 --physdev-is-bridged udp spt:68 dpt:67 
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out
vnet6 --physdev-is-bridged udp spt:67 dpt:68 
4    RETURN     udp  --  10.6.32.30           0.0.0.0/0           PHYSDEV match --physdev-in
vnet6 --physdev-is-bridged udp dpt:53 
5    i-2-217-VM-eg  all  --  10.6.32.30           0.0.0.0/0           PHYSDEV match --physdev-in
vnet6 --physdev-is-bridged 
6    i-2-217-VM  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out
vnet6 --physdev-is-bridged 
 [root@32 /]#
  
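 This causes the virtual machines that already existed on host B to become unreachable by ping.
 Could an expert give me some pointers, or provide some material so that I can track down the cause myself?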
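Added example (not part of the original message and not CloudStack code): a Python check that parses a listing in either layout shown above, re-joins wrapped rule lines, and reports guest interfaces that have no jump rule in the bridge's `-IN`/`-OUT` chains, the condition described for host B. The listing and the interface names `vnet4` and `vnet5` are constructed sample data; supplying the real list of guest interfaces on the bridge is left to the operator.

```python
import re

COUNTER = re.compile(r"^\d+[KMGT]?$")          # pkts/bytes counter or rule number
CHAIN_HDR = re.compile(r"^Chain (\S+) \(")
PHYSDEV = re.compile(r"--physdev-(in|out) (\S+)")

def parse_listing(text):
    """Return {chain: [[target, rule_text], ...]} from an iptables listing.

    Handles the `iptables -L -v -n` and `service iptables status` layouts and
    re-joins rules that were wrapped onto a second line."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("pkts", "num", "Table:")):
            continue
        header = CHAIN_HDR.match(line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        if current is None:
            continue
        tokens = line.split()
        if COUNTER.match(tokens[0]):           # a new rule starts with a number
            target = next((t for t in tokens if not COUNTER.match(t)), None)
            current.append([target, line])
        elif current:                          # wrapped tail of the previous rule
            current[-1][1] += " " + line
    return chains

def audit(text, bridge_chain, guest_ifaces):
    """Map each guest interface to the problems found in <bridge_chain>-IN/-OUT."""
    chains = parse_listing(text)
    findings = {}
    for direction in ("in", "out"):
        jumps = {}
        for target, rule in chains.get(f"{bridge_chain}-{direction.upper()}", []):
            for found, iface in PHYSDEV.findall(rule):
                if found == direction:
                    jumps[iface] = target
        for iface in guest_ifaces:
            if iface not in jumps:
                findings.setdefault(iface, []).append(f"no --physdev-{direction} jump")
            elif jumps[iface] not in chains:
                findings.setdefault(iface, []).append(f"jump to undefined chain {jumps[iface]}")
    return findings

# Constructed sample modelled on the host B listing (wrapped lines included).
SAMPLE_LISTING = """\
Chain BF-cloudbr2-IN (1 references)
num  target     prot opt source               destination
1    i-2-217-def  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in
vnet6 --physdev-is-bridged
Chain BF-cloudbr2-OUT (1 references)
num  target     prot opt source               destination
1    i-2-217-def  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out
vnet6 --physdev-is-bridged
Chain i-2-217-def (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
"""
SAMPLE_GUEST_IFACES = ["vnet4", "vnet5", "vnet6"]   # constructed; vnet4/vnet5 are assumed older guests

if __name__ == "__main__":
    for iface, problems in audit(SAMPLE_LISTING, "BF-cloudbr2", SAMPLE_GUEST_IFACES).items():
        print(iface, "; ".join(problems))
```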