>>you 
>>have a single tool managing tables containing the chains. Iow. bridge 
>>stuff still goes into the bridge tables, ip stuff into the ip tables, 
>>arp stuff into the arp tables. 

bridge log: (get forward working). 

: IN=fwln150i0 OUT=tap150i0 ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 
MACSRC=5a:1a:9a:dc:7c:09 IPSRC=10.3.95.78 MACDST=00:00:00:00:00:00 
IPDST=10.3.95.44 

so, yes, we have mac and ip, but don't have ip information about tcp/udp and 
port. 
so it's really more like ebtables. 

we really need to use inet tables for rules. (and need to be able to make rules 
on physdevin|physdevout) 

Jul 27 12:19:14 kvmtest1 kernel: [165625.946715] forward: IN=fwbr150i0 
OUT=fwbr150i0 PHYSIN=fwln150i0 PHYSOUT=tap150i0 
MAC=01:00:5e:00:00:fc:0e:d3:35:5a:1c:a5:08:00 SRC=10.3.95.20 DST=224.0.0.252 
LEN=61 TOS=0x00 PREC=0x00 TTL=1 ID=14541 PROTO=UDP SPT=61150 DPT=5355 LEN=41 

Alexandre Derumier 
Systems and storage engineer 

From: "Wolfgang Bumiller" <w.bumil...@proxmox.com> 
To: "aderumier" <aderum...@odiso.com> 
Cc: "pve-devel" <pve-devel@pve.proxmox.com> 
Sent: Monday 27 July 2015 13:47:22 
Subject: Re: [pve-devel] nftables 0.4 and kernel 3.19, still problem with 
physdevin|out 

> oh ok, didn't know that. (still a bit confused between bridge vs ip/inet 
> tables) 

I'm new to nft, too, but as far as I understand it's not actually much 
different from iptables (from the outside anyway). 
It's just that rather than having several tools managing chains, you 
have a single tool managing tables containing the chains. Iow. bridge 
stuff still goes into the bridge tables, ip stuff into the ip tables, 
arp stuff into the arp tables. 

There's also no complete documentation available yet. My current 
favorite is the Gentoo wiki. 

> I don't know why, but I don't see any traffic in forward from bridge table. 
> (input|output for bridge ip itself is working fine). 
> forward in ip|inet table is working fine. 
> 
> any idea? 

Not really. What kernels did you test and how are you viewing the 
traffic? (Are you using the log action?) 
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
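
The two kernel log lines quoted in the message above can be compared field by field. The following is an added example, not code from the thread or from Proxmox: it parses both entries and shows that the same bridge port pair appears as IN/OUT in the bridge log and as PHYSIN/PHYSOUT in the inet log, while only the inet entry carries protocol and port fields. The function names and the `L4LEN` key are hypothetical.

```python
import re

# The two log entries from the message above, rejoined onto one line each.
BRIDGE_LOG = ("IN=fwln150i0 OUT=tap150i0 ARP HTYPE=1 PTYPE=0x0800 OPCODE=1 "
              "MACSRC=5a:1a:9a:dc:7c:09 IPSRC=10.3.95.78 "
              "MACDST=00:00:00:00:00:00 IPDST=10.3.95.44")
INET_LOG = ("Jul 27 12:19:14 kvmtest1 kernel: [165625.946715] forward: "
            "IN=fwbr150i0 OUT=fwbr150i0 PHYSIN=fwln150i0 PHYSOUT=tap150i0 "
            "MAC=01:00:5e:00:00:fc:0e:d3:35:5a:1c:a5:08:00 SRC=10.3.95.20 "
            "DST=224.0.0.252 LEN=61 TOS=0x00 PREC=0x00 TTL=1 ID=14541 "
            "PROTO=UDP SPT=61150 DPT=5355 LEN=41")


def parse_log(line):
    """Return (fields, flags) for one netfilter LOG line."""
    # Skip the syslog header and log prefix; "PHYSIN=" must not match here.
    m = re.search(r"(?<!\S)IN=", line)
    if m is None:
        raise ValueError("not a netfilter LOG line")
    fields, flags = {}, set()
    for tok in line[m.start():].split():
        key, sep, value = tok.partition("=")
        if not sep:
            flags.add(key)              # bare token such as ARP
        elif key == "LEN" and "PROTO" in fields:
            fields["L4LEN"] = value     # second LEN follows PROTO=UDP
        else:
            fields[key] = value
    return fields, flags


def summarize(line):
    """Reduce a log entry to the values a filter rule would be written on."""
    f, flags = parse_log(line)
    return {
        # Bridge ports: PHYSIN/PHYSOUT when logged, otherwise IN/OUT.
        "ports": (f.get("PHYSIN", f.get("IN")), f.get("PHYSOUT", f.get("OUT"))),
        "arp": "ARP" in flags,
        "src": f.get("SRC") or f.get("IPSRC"),
        "dst": f.get("DST") or f.get("IPDST"),
        "l4": (f["PROTO"], int(f["SPT"]), int(f["DPT"])) if "SPT" in f else None,
    }


if __name__ == "__main__":
    for name, line in (("bridge", BRIDGE_LOG), ("inet", INET_LOG)):
        print(name, summarize(line))
```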
