-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/05/10 21:23, Zdenek Styblik wrote: > Hello, > > I'm sorry to report this, but network should start or stop regardless > iptables status. > > virsh # net-start default > error: Failed to start network default > error: internal error '/usr/sbin/iptables --table filter --delete INPUT > --in-interface virbr0 --protocol udp --destination-port 69 --jump > ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule > (does a matching rule exist in that chain?). > > Ok, so I'm going to create this rule to make you happy. > > virsh # net-start default > error: Failed to start network default > error: internal error '/usr/sbin/iptables --table mangle --delete > POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 > --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and > signal 0: iptables v1.4.7: unknown option `--checksum-fill' > Try `iptables -h' or 'iptables --help' for more information. > > And Oops, because I don't have CHECKSUM support. And to note, it's not > even in kernel. Rely on such features is unfriendly and bellow belt :) > > Once again, I'm locked by hard-coded features :( That's why I "fight" > against these. > > btw it's strange to me that libvirt is deleting rules that shouldn't be > present since I want to start network, not to stop it. > > Let's dump all nwfilters and hope for miracle...and nothing. Same > errors, although nwfilter rules are gone. What the ...? :| > > libvirt-0.8.4 > > Regards, > Zdenek > More info: - ---SNIP--- 21:31:09.298: error : virRunWithHook:857 : internal error '/usr/sbin/iptables --table mangle --insert POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM - --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.7: unknown option `--checksum-fill' Try `iptables -h' or 'iptables --help' for more information. 21:31:09.299: warning : networkAddIptablesRules:873 : Could not add rule to fixup DHCP response checksums on network 'default'. 21:31:09.299: warning : networkAddIptablesRules:874 : May need to update iptables package & kernel to support CHECKSUM rule. 21:31:09.301: error : virRunWithHook:857 : internal error '/usr/sbin/dnsmasq --strict-order --bind-interfaces - --pid-file=/var/run/libvirt/network/default.pid --conf-file= - --listen-address 10.117.9.1 --except-interface lo' exited with non-zero status 1 and signal 0: libvir: error : cannot execute binary /usr/sbin/dnsmasq: No such file or directory 21:31:09.305: error : virRunWithHook:857 : internal error '/usr/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM - --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.7: unknown option `--checksum-fill' Try `iptables -h' or 'iptables --help' for more information. 21:31:09.343: error : virRunWithHook:857 : internal error '/usr/sbin/iptables --table filter --delete INPUT --in-interface virbr0 - --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule (does a matching rule exist in that chain?). - ---SNIP--- Yes, the networking used to work and actually, who cares about failed iptables anyway? That's not the reason for not bringing up iface :| Have a better evening than I'm having! :) Zdenek - -- Zdenek Styblik Net/Linux admin OS TurnovFree.net email: stybla@xxxxxxxxxxxxxx jabber: stybla@xxxxxxxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrfY8ACgkQ8MreUbSH7il/HwCg0ssizKjxjOWF2tEnO8IViIm0 RCsAnjqbHLh4Ag/1M64/Jqy3HPexOqvB =UZnf -----END PGP SIGNATURE----- -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list