
26 Nov
2012
5:23 p.m.
On 11/25/2012 05:08 PM, Laine Stump wrote:
> (btw, you must be running with net.bridge.bridge-nf-call-iptables=1, otherwise communications between guests (ipv4 and ipv6) would work just fine with no extra rules)

Do you know what sets this?
On a system with no virtualization installed, net.bridge.bridge-nf-call-iptables=0, but with virtualization (and a lot of other stuff) installed, it is set to 1. I found only a single reference within libvirt which tests to see if they are set to 1.

The values in /etc/sysctl.conf are all =0 so this must be related to something virtualization is doing (but not necessarily libvirt). Regardless, they are set so the ip6tables rule to allow guest-to-guest commo is needed.

Gene
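The mismatch described in this message (runtime value 1, /etc/sysctl.conf value 0) can be checked with a small script. This is an added example, not part of the original thread; the function name `bridge_nf_drift` and its optional proc-root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare the runtime bridge-nf-call-* sysctls with the values
# assigned in a sysctl.conf-style file and flag any key where they differ.
#
# Usage: bridge_nf_drift CONF [PROC_ROOT]
#   CONF       file to read assignments from, e.g. /etc/sysctl.conf
#   PROC_ROOT  where runtime values live (hypothetical parameter, default /proc/sys)
# Prints "<key> runtime=<v> configured=<v> <OK|DRIFT|SKIP>" per key.
# Returns 1 if any runtime value differs from the file, otherwise 0.
bridge_nf_drift() {
    conf=$1
    proc_root=${2:-/proc/sys}
    drift=0
    for name in bridge-nf-call-iptables bridge-nf-call-ip6tables \
                bridge-nf-call-arptables; do
        key="net.bridge.$name"
        file="$proc_root/net/bridge/$name"
        if [ -r "$file" ]; then
            runtime=$(cat "$file")
        else
            runtime=absent      # sysctl not present: bridge netfilter code not loaded
        fi
        # Take the last uncommented assignment of the key in the file.
        configured=$(sed -n \
            "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" \
            "$conf" | tail -n 1)
        [ -n "$configured" ] || configured=unset
        if [ "$runtime" = absent ] || [ "$configured" = unset ]; then
            state=SKIP          # nothing to compare against
        elif [ "$runtime" = "$configured" ]; then
            state=OK
        else
            state=DRIFT         # something changed the value after boot-time config
            drift=1
        fi
        echo "$key runtime=$runtime configured=$configured $state"
    done
    return $drift
}
```

Run as `bridge_nf_drift /etc/sysctl.conf` on the host; a DRIFT line for a key set to 1 at runtime means bridged guest traffic is passing through the corresponding netfilter tables.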