Package: libvirt-bin
Version: 0.8.3-5+squeeze2
Severity: important

Hi there!

I would like to add network filters [1] to accept various kinds of incoming
traffic (e.g. HTTP) and thus I read the documentation at:

  <http://libvirt.org/formatnwfilter.html>

[1] despite myself not being a firewall guru, I fail to understand why we
    need yet another format to define filters instead of using the iptables
    syntax by default or adding something like the ifupdown's options (in
    this case post-up and pre-down)...

However, adding a simple filter like the following causes an error:

=====
# cat /etc/libvirt/nwfilter/allow-http.xml
<filter name='allow-http' chain='ipv4'>
  <rule action='accept' direction='in' >
    <tcp dstportstart='80' />
  </rule>
</filter>

# grep allow-http /etc/libvirt/qemu/shelob.pca.it.xml
    <filterref filter='allow-http'/>

# service libvirt-bin restart

# less /var/log/syslog
[...]
Aug 5 16:27:55 mantissa libvirtd: 16:27:55.999: error : virRunWithHook:857 : \
  internal error '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 \
  --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 \
  and signal 0: iptables: Bad rule (does a matching rule exist in that chain?).#012
Aug 5 16:27:56 mantissa libvirtd: 16:27:56.404: error : ebiptablesDriverInit:3416 : \
  internal error essential tools to support ip(6)tables firewalls could not be located
Aug 5 16:27:56 mantissa libvirtd: 16:27:56.406: warning : qemudStartup:1832 : \
  Unable to create cgroup for driver: No such device or address
Aug 5 16:27:56 mantissa libvirtd: 16:27:56.494: warning : qemudParsePCIDeviceStrs:1422 : \
  Unexpected exit status '1', qemu probably failed
Aug 5 16:27:56 mantissa libvirtd: 16:27:56.498: error : _iptablesCreateRuleInstance:1113 : \
  internal error cannot create rule since iptables tool is missing.
Aug 5 16:27:56 mantissa kernel: [312791.663024] device vnet0 entered promiscuous mode
Aug 5 16:27:56 mantissa kernel: [312791.664044] virbr0: topology change detected, propagating
Aug 5 16:27:56 mantissa kernel: [312791.664047] virbr0: port 1(vnet0) entering forwarding state
Aug 5 16:27:56 mantissa kernel: [312791.682240] virbr0: port 1(vnet0) entering disabled state
Aug 5 16:27:56 mantissa kernel: [312791.701260] device vnet0 left promiscuous mode
Aug 5 16:27:56 mantissa kernel: [312791.701262] virbr0: port 1(vnet0) entering disabled state
Aug 5 16:27:56 mantissa libvirtd: 16:27:56.596: error : qemuAutostartDomain:827 : \
  Failed to autostart VM 'shelob.pca.it': internal error cannot create rule since iptables tool is missing.
Aug 5 16:27:56 mantissa libvirtd: 16:27:56.654: warning : lxcStartup:1900 : \
  Unable to create cgroup for driver: No such device or address
=====

The first error is #592177 (with its clones #615907 and #626166), the other
errors about essential or iptables tools missing are still puzzling my brain
for an explication :-|

NB, I do not have install-recommends on by default, but I have both ebtables
and iptables installed. I tried installing libxml2-utils, but the error is
still present.

Thx, bye,
Gismo / Luca

-- System Information:
Debian Release: 6.0.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser            3.112+nmu2             add and remove users and groups
ii  libavahi-client3   0.6.27-2+squeeze1      Avahi client library
ii  libavahi-common3   0.6.27-2+squeeze1      Avahi common library
ii  libblkid1          2.17.2-9               block device id library
ii  libc6              2.11.2-10              Embedded GNU C Library: Shared lib
ii  libcap-ng0         0.6.4-1                An alternate posix capabilities li
ii  libdevmapper1.02.1 2:1.02.48-5            The Linux Kernel Device Mapper use
ii  libgcrypt11        1.4.5-2                LGPL Crypto library - runtime libr
ii  libgnutls26        2.8.6-1                the GNU TLS library - runtime libr
ii  libnl1             1.1-6                  library for dealing with netlink s
ii  libparted0debian1  2.3-5                  The GNU Parted disk partitioning s
ii  libpciaccess0      0.12.0-1               Generic PCI access library for X
ii  libreadline6       6.1-3                  GNU readline and history libraries
ii  libsasl2-2         2.1.23.dfsg1-7         Cyrus SASL - authentication abstra
ii  libudev0           164-3                  libudev shared library
ii  libuuid1           2.17.2-9               Universally Unique ID library
ii  libvirt0           0.8.3-5+squeeze2       library for interfacing with diffe
ii  libxenstore3.0     4.0.1-2                Xenstore communications library fo
ii  libxml2            2.7.8.dfsg-2+squeeze1  GNOME XML library
ii  logrotate          3.7.8-6                Log rotation utility

Versions of packages libvirt-bin recommends:
ii  bridge-utils       1.4-5                  Utilities for configuring the Linu
ii  dnsmasq-base       2.55-2                 A small caching DNS proxy and DHCP
ii  ebtables           2.0.9.2-2              Ethernet bridge frame table admini
pn  gawk               <none>                 (no description available)
ii  iptables           1.4.8-3                administration tools for packet fi
pn  libxml2-utils      <none>                 (no description available)
ii  netcat-openbsd     1.89-4                 TCP/IP swiss army knife
ii  qemu-kvm           0.12.5+dfsg-5+squeeze6 Full virtualization on x86 hardwar

Versions of packages libvirt-bin suggests:
pn  policykit-1        <none>                 (no description available)

-- Configuration Files:
/etc/libvirt/qemu/networks/default.xml changed:
<network>
  <name>default</name>
  <bridge name="virbr0" />
  <forward/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
      <host mac="52:54:00:42:2f:dc" name="shelob.pca.it" ip="192.168.122.2" />
      <host mac="52:54:00:02:b0:a6" name="mahnamahna.pca.it" ip="192.168.122.3" />
    </dhcp>
  </ip>
</network>

-- no debconf information
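
The report notes that Recommends are not installed by default, and the package listing above marks some recommended packages as pn (not installed). As an added example (not part of the original report or of libvirt), this Python script parses a reportbug dependency listing and returns, per relation, the packages that are not installed; the REPORT excerpt is trimmed from the listing above and the function names are hypothetical.

```python
import re

# Excerpt trimmed from the reportbug listing in the report above.
REPORT = """\
Versions of packages libvirt-bin depends on:
ii  libvirt0       0.8.3-5+squeeze2       library for interfacing with diffe
ii  libxml2        2.7.8.dfsg-2+squeeze1  GNOME XML library

Versions of packages libvirt-bin recommends:
ii  bridge-utils   1.4-5      Utilities for configuring the Linu
ii  ebtables       2.0.9.2-2  Ethernet bridge frame table admini
pn  gawk           <none>     (no description available)
ii  iptables       1.4.8-3    administration tools for packet fi
pn  libxml2-utils  <none>     (no description available)

Versions of packages libvirt-bin suggests:
pn  policykit-1    <none>     (no description available)
"""

HEADER = re.compile(r"^Versions of packages (\S+) (depends on|recommends|suggests):\s*$")
# Two-letter dpkg status, package name, version ('<none>' when not installed).
ENTRY = re.compile(r"^([a-z]{2})\s+(\S+)\s+(\S+)")


def parse_relations(text):
    """Return {relation: [(status, package, version), ...]} from reportbug output."""
    relations, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = relations.setdefault(header.group(2), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append(entry.groups())
    return relations


def not_installed(text, relation):
    """Packages in the given relation whose status is not 'ii' (installed)."""
    return [pkg for status, pkg, _ in parse_relations(text).get(relation, [])
            if status != "ii"]


if __name__ == "__main__":
    for rel in ("depends on", "recommends", "suggests"):
        print(f"{rel}: not installed: {not_installed(REPORT, rel) or 'none'}")
```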

