https://bugzilla.novell.com/show_bug.cgi?id=472107

User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=472107#c5

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
      Info Provider|lnussel@novell.com          |

--- Comment #5 from Ludwig Nussel <lnussel@novell.com> 2009-02-12 01:20:45 MST ---
Re comment #3: Ludwig, during startup of a vm (xen, kvm, qemu, ...) a vif (tap) device is created and hotplug triggers invocation of vif-nat script. When called with 'online vif vif-ipaddr' this script does

routing_ip()
{
  echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
}

router_ip=$(routing_ip "$vif_ip")

weird calculation, yet this one avoids an external command with bash:
router_ip="${vif_ip%.*}.$((${vif_ip##*.}+127))"

ip link set "$vif" up arp on
ip addr add "$router_ip" dev "$vif"
ip route add "$vif_ip" dev "$vif" src "$router_ip"
echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
iptables -A FORWARD -m physdev --physdev-in "$vif" -s "$addr" -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in "$vif" -p udp --sport 68 --dport 67 -j ACCEPT

How can this be handled when firewall is active?

SuSEfirewall2 doesn't support bridging firewall (physdev) rules like that.
=> feature request or custom rules script needed via FW_CUSTOMRULES.
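
The router address calculation discussed in the comment above, as an added example that is not part of vif-nat or of the original comment: the quoted awk form next to the expansion-only form, which here goes further by validating the address before it would reach `ip addr add` or an iptables rule. The function names `routing_ip_awk` and `routing_ip_checked` are hypothetical.

```shell
#!/bin/sh
# Added example; both function names are assumptions, not vif-nat's own.

# The awk form quoted from the script: one external process per call,
# no check of the input or of the resulting last octet.
routing_ip_awk() {
    echo "$1" | awk -F. '{print $1"."$2"."$3"."$4 + 127}'
}

# Expansion-only form with validation in front of it.
# Prints the router address and returns 0, or prints nothing and returns 1.
# The body is a subshell so IFS and the positional parameters stay local.
routing_ip_checked() (
    ip=$1
    # Digits and single dots only, no leading or trailing dot.
    case $ip in
        '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        # Shell arithmetic reads a leading 0 as octal, so refuse
        # such octets instead of computing a different address.
        case $octet in
            0?*) exit 1 ;;
        esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    last=$(( ${ip##*.} + 127 ))
    # A last octet above 128 would yield an address outside 0..255.
    [ "$last" -le 255 ] || exit 1
    echo "${ip%.*}.$last"
)

# Constructed sample addresses, not taken from the bug report.
if [ "${1:-}" = "demo" ]; then
    for sample in 10.0.0.1 192.168.1.128 10.0.0.129 10.0.0.010 10.0.0; do
        if out=$(routing_ip_checked "$sample"); then
            echo "$sample -> $out"
        else
            echo "$sample -> rejected"
        fi
    done
fi
```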