On 02/17/2016 6:02 am, Tomas Vondra wrote:
> Andre Goree <andre@...> writes:
>> I am trying to determine how exactly I can manipulate traffic from a
>> _guest's_ NIC using iptables on the _host_. On the host, there is a
>> bridged virtual NIC that corresponds to the guest's NIC. That interface
>> does not have an IP setup on it on the host, however within the vm
>> itself the IP is configured and everything works as expected.
>
> Hi!
>
> No IP on the interface does not prevent you from using iptables. The kernel
> filters any packets it sees. From what I remember from the OpenStack
> developers, you can't use iptables with OpenVSwitch, but attaching rules to
> a linux brctl bridge should be perfectly fine.
>
> Tomas

Ugh, from what I've seen the packets from the guest's interface do not even
reach the host's iptables. I'm going to go through and set up the lab
multi-node environment again and see if I can drill down from there. I
must be missing something. From what I've seen, even logging everything
possible, iptables (on the host) is not seeing any traffic exiting the
guest's interface. I'll triple-check how exactly I'm determining that
too, given your response. Thanks Tomas!
--
Andre Goree
-=-=-=-=-=-
Email - andre at drenet.net
Website - http://www.drenet.net
PGP key - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-