[libvirt-users] network filtering
I try to add some rules to filtering network, example <filterref filter='clean-traffic'/> or <filterref filter='no-ip-spoofing'/> and vm not starting with message virsh start freebsd8.2 error: Failed to start domain freebsd8.2 error: internal error IP parameter must be given since libvirt was not compiled with IP address learning support what do I do wrong? libvirtd --version libvirtd (libvirt) 0.8.4
于 2010年11月13日 16:40, Anton Gorlov 写道:
I try to add some rules to filtering network, example <filterref filter='clean-traffic'/> or <filterref filter='no-ip-spoofing'/> and vm not starting with message
virsh start freebsd8.2 error: Failed to start domain freebsd8.2 error: internal error IP parameter must be given since libvirt was not compiled with IP address learning support
what do I do wrong?
Just as the error says, your libvirt is not compiled with "libpcap", filter "no-ip-spoofing" has a variable "$IP", which needs "IP learning" of network filter driver to generate automatically. To work around it, recompile it with "--with-libpcap" or set "$IP" by hand. - Osier
libvirtd --version libvirtd (libvirt) 0.8.4
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
14.11.2010 23:19, Osier Yang пишет:
Just as the error says, your libvirt is not compiled with "libpcap", filter "no-ip-spoofing" has a variable "$IP", which needs "IP learning" of network filter driver to generate automatically. To work around it, recompile it with "--with-libpcap" or set "$IP" by hand.
today evening, I'll try to rebuild it with --with-libpcap. Should I set "$IP" to guest-server ip or to host-node's ?
14.11.2010 23:19, Osier Yang пишет:
virsh start freebsd8.2 error: Failed to start domain freebsd8.2 error: internal error IP parameter must be given since libvirt was not compiled with IP address learning support what do I do wrong? Just as the error says, your libvirt is not compiled with "libpcap", filter "no-ip-spoofing" has a variable "$IP", which needs "IP learning" of network filter driver to generate automatically. To work around it, recompile it with "--with-libpcap" or set "$IP" by hand.
This filters working in kernel space or user?
于 2010年11月17日 15:42, Anton Gorlov 写道:
14.11.2010 23:19, Osier Yang пишет:
virsh start freebsd8.2 error: Failed to start domain freebsd8.2 error: internal error IP parameter must be given since libvirt was not compiled with IP address learning support what do I do wrong? Just as the error says, your libvirt is not compiled with "libpcap", filter "no-ip-spoofing" has a variable "$IP", which needs "IP learning" of network filter driver to generate automatically. To work around it, recompile it with "--with-libpcap" or set "$IP" by hand.
This filters working in kernel space or user?
it's based on iptables/ebtables, and also ip6tables in future. so, it uses these tools in userspace, works with according kernel module support, e.g. iptables_nat, ebtables, etc. - Osier
17.11.2010 10:46, Osier Yang пишет:
This filters working in kernel space or user? it's based on iptables/ebtables, and also ip6tables in future. so, it uses these tools in userspace, works with according kernel module support, e.g. iptables_nat, ebtables, etc.
Hmm, I rebuild with libpcap == ldd `which virsh` | grep pcap libpcap.so.0.8 => /usr/lib64/libpcap.so.0.8 (0x00007fb631f4b000) == guest start with no warnigs (<filterref filter='clean-traffic'/>). iptables -L not show me rules with filtering. And dhcp-client on guest not working. if I remove this filter dhcpclient working fine. Guest with static ip (<host mac='52:54:00:43:67:e8' ip='192.168.122.26' /> in default.xml)
Can anybody help me? 17.11.2010 11:07, Anton Gorlov пишет:
17.11.2010 10:46, Osier Yang пишет:
This filters working in kernel space or user? it's based on iptables/ebtables, and also ip6tables in future. so, it uses these tools in userspace, works with according kernel module support, e.g. iptables_nat, ebtables, etc.
Hmm, I rebuild with libpcap == ldd `which virsh` | grep pcap libpcap.so.0.8 => /usr/lib64/libpcap.so.0.8 (0x00007fb631f4b000) ==
guest start with no warnigs (<filterref filter='clean-traffic'/>). iptables -L not show me rules with filtering. And dhcp-client on guest not working. if I remove this filter dhcpclient working fine. Guest with static ip (<host mac='52:54:00:43:67:e8' ip='192.168.122.26' /> in default.xml)
participants (2)
-
Anton Gorlov -
Osier Yang