[Xen-users] IPtables "ctstate RELATED,ESTABLISHED" are not working
Hello,

after installing XEN 3.0.4-1 and setting up iptables for that, I've some problems with the ctstate traffic, which is blocked by IPtables. Below a short printout is available from my /var/log/kern.log:

--------
    May 13 17:05:13 debian4 kernel: IN=eth0 OUT= PHYSIN=peth0 PHYSOUT=vif0.0 MAC=00:13:8f:0f:5b:c7:00:04:0e:66:da:c8:08:00 SRC=172.16.76.15 DST=172.16.76.99 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=2091 PROTO=UDP SPT=53 DPT=32769 LEN=97
---------

The DST is my Debian Linux Server and the SRC is the DSL-LAN Router which is connected to the Internet. My iptables config is the following:

    debian4:/boot# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     0    --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             debian4.xxxxx.net   tcp dpt:ssh
    ACCEPT     0    --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
    LOG        0    --  anywhere             anywhere            LOG level warning
    DROP       0    --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

So to avoid that the firewall will block the traffic through the bridge I can use the command:

    sysctl -w net.bridge.bridge-nf-call-iptables="0"

which is working. Then everything is fine. But this is not the real solution. It should work without this.

So my question is now, did I forget something or is this a known bug in XEN? Is there anybody who is sharing this problem with me?

Thanks

Regards,
Maik Brauer

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
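An added example, not part of the original post: a small Python parser for the netfilter LOG line quoted above that flags entries carrying the PHYSIN/PHYSOUT bridge fields and whose ports look like a reply (service source port to ephemeral destination port). The function names and the reply heuristic are assumptions made for this example, and the second sample line is constructed.

```python
import re
from collections import Counter

# First line is the kern.log entry quoted in the post; the second is
# constructed for contrast (non-bridged, new inbound connection attempt).
SAMPLE_LOG = [
    "May 13 17:05:13 debian4 kernel: IN=eth0 OUT= PHYSIN=peth0 PHYSOUT=vif0.0 "
    "MAC=00:13:8f:0f:5b:c7:00:04:0e:66:da:c8:08:00 SRC=172.16.76.15 "
    "DST=172.16.76.99 LEN=117 TOS=0x00 PREC=0x00 TTL=64 ID=2091 PROTO=UDP "
    "SPT=53 DPT=32769 LEN=97",
    "May 13 17:06:40 debian4 kernel: IN=eth0 OUT= "
    "MAC=00:13:8f:0f:5b:c7:00:16:3e:00:00:01:08:00 SRC=172.16.76.20 "
    "DST=172.16.76.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP "
    "SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_log_line(line):
    """Split one netfilter LOG line into a dict of its KEY=value fields."""
    payload = line.partition("kernel: ")[2] or line
    fields = {}
    for key, value in FIELD.findall(payload):
        if key == "LEN" and "LEN" in fields:
            key = "L4LEN"            # second LEN is the UDP length, not the IP length
        fields.setdefault(key, value)
    return fields

def classify(fields):
    """Return (bridged, reply_like) for one parsed line."""
    bridged = bool(fields.get("PHYSIN") or fields.get("PHYSOUT"))
    try:
        spt, dpt = int(fields["SPT"]), int(fields["DPT"])
        reply_like = spt < 1024 <= dpt   # assumption: service port -> ephemeral port
    except (KeyError, ValueError):
        reply_like = False               # ICMP and truncated lines carry no ports
    return bridged, reply_like

def summarize(lines):
    """Count logged packets per (bridged, reply_like, PROTO, SRC, SPT)."""
    counts = Counter()
    for line in lines:
        f = parse_log_line(line)
        if "SRC" not in f:
            continue                     # not a netfilter LOG line
        bridged, reply_like = classify(f)
        counts[(bridged, reply_like, f.get("PROTO"), f["SRC"], f.get("SPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
```

Entries counted as both bridged and reply-like are the ones to compare before and after changing the net.bridge.bridge-nf-call-iptables setting mentioned in the post.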