Re: nat issue

To: Oleg <lego12239@yandex.ru>
Cc: debian-user@lists.debian.org
Subject: Re: nat issue
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Sat, 05 Feb 2011 12:57:16 +0100
Message-id: <[🔎] 4D4D3B1C.9090000@plouf.fr.eu.org>
In-reply-to: <[🔎] 20110204213222.GA26883@debian>
References: <[🔎] 20110203132629.GA9723@debian> <[🔎] 4D4C131C.2090800@plouf.fr.eu.org> <[🔎] 20110204213222.GA26883@debian>

Oleg a écrit :
> On Fri, Feb 04, 2011 at 03:54:20PM +0100, Pascal Hambourg wrote:
>> 
>>>   Any ideas?
>> Yes, one : just another case of undesirable interaction between bridge
>> and netfilter (aka bridge-netfilter).
[...]
>> Setting sysctl net.bridge.bridge-nf-call-iptables=0 to disable passing
>> bridged packets to netfilter shouldf fix the problem.
> 
>   Thanks a lot! Good explanation. I completely forgot about bridge-nf-* vars.

Another option may be to use a virtual network between virtual machines
instead of a bridge, so the host does not see the traffic between them.
I don't know whether KVM provides such option, otherwise VDE (vde2)
could be used instead.

Yet another option may be to use a separate network namespace (netns),
thus separate conntracks, for the bridge and its virtual interfaces.
Don't ask me how to use this.

Reply to:

Follow-Ups:
- Re: nat issue
  - From: Oleg <lego12239@yandex.ru>

References:
- nat issue
  - From: Oleg <lego12239@yandex.ru>
- Re: nat issue
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
- Re: nat issue
  - From: Oleg <lego12239@yandex.ru>

Prev by Date: Re: Installing Debian from NFS
Next by Date: Re: Squeeze release date according to distrowatch
Previous by thread: Re: nat issue
Next by thread: Re: nat issue
Index(es):
- Date
- Thread