https://bugzilla.novell.com/show_bug.cgi?id=472107
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=472107#c5
Ludwig Nussel
Re comment #3: Ludwig, during startup of a vm (xen, kvm, qemu, ...) a vif (tap) device is created and hotplug triggers invocation of vif-nat script. When called with 'online vif vif-ipaddr' this script does
routing_ip() {
    echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
}
router_ip=$(routing_ip "$vif_ip")
Weird calculation, yet this one avoids an external command with bash:
router_ip="${vif_ip%.*}.$((${vif_ip##*.}+127))"
ip link set "$vif" up arp on
ip addr add "$router_ip" dev "$vif"
ip route add "$vif_ip" dev "$vif" src "$router_ip"
echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
iptables -A FORWARD -m physdev --physdev-in "$vif" -s "$addr" -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in "$vif" -p udp --sport 68 --dport 67 -j ACCEPT
How can this be handled when firewall is active?
SuSEfirewall2 doesn't support bridging firewall (physdev) rules like that. => feature request or custom rules script needed via FW_CUSTOMRULES.
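
The last-octet arithmetic discussed in the comment above, as an added example that is not part of the bug report or of the vif-nat script. It puts the quoted awk form next to the parameter-expansion form and a checked variant; the names routing_ip_awk, routing_ip_sh and routing_ip_checked are hypothetical, and the addresses are constructed samples.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, sample addresses are constructed.

# The calculation as quoted from vif-nat: awk adds 127 to the last octet.
routing_ip_awk() {
    echo "$1" | awk -F. '{print $1"."$2"."$3"."$4 + 127}'
}

# The same result using only shell parameter expansion (no external command).
routing_ip_sh() {
    echo "${1%.*}.$((${1##*.} + 127))"
}

# Checked variant: accept only a dotted quad and refuse a result above 255,
# so a malformed or high vif address never reaches ip(8) or iptables(8).
routing_ip_checked() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # leading zero would parse as octal
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    last=$(($4 + 127))
    [ "$last" -le 255 ] || return 1            # 129..255 would overflow the octet
    echo "$1.$2.$3.$last"
}

# Demo: both unchecked forms emit an invalid address once the last octet exceeds 128.
for addr in 10.0.0.1 10.0.0.200; do
    printf '%s awk=%s sh=%s checked=%s\n' "$addr" \
        "$(routing_ip_awk "$addr")" "$(routing_ip_sh "$addr")" \
        "$(routing_ip_checked "$addr" || echo rejected)"
done
```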