On 06/17/2010 11:01 AM, Aleksander Trofimowicz wrote:
> Hello, I'm just wondering why I can't manage my network interfaces through libvirt when the following kernel parameters are turned on:
>
> net.bridge.bridge-nf-call-ip6tables
> net.bridge.bridge-nf-call-iptables
> net.bridge.bridge-nf-call-arptables
>
> Is it a bug or by design?

There should be no problems with this. The only place any of these are used in netcf is that net.bridge.bridge-nf-call-iptables is checked at one point, and if it's set to 1, an attempt is made to assure traffic can pass through all the bridges by parsing /etc/sysconfig/iptables and adding appropriate rules (see the function bridge_physdevs() in netcf if you're into looking at source code).
One thing that has shown up recently is that when bridge-nf-call-iptables is 1, if /etc/sysconfig/iptables is empty or malformed, netcf will fail to initialize. There have been a couple of bugs filed against RHEL for this, but they haven't yet been cloned upstream. Just to verify this is actually the problem, can you check your /etc/sysconfig/iptables to see if it is 0 length (and if so, put some basic rules in and try again)?
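
The check requested above can be scripted. This is an added example, not part of the original message and not netcf code: the function names are hypothetical, and "malformed" is approximated by an assumed structural test of the iptables-save format (every `*table` block closed by `COMMIT`), not by netcf's own parser.

```shell
#!/bin/sh
# Added example (not netcf code). Function names are hypothetical.
# On a host: diagnose /proc/sys/net/bridge /etc/sysconfig/iptables

# Print a bridge-nf sysctl value, or "absent" when the file is not there
# (for instance when the bridge module is not loaded).
# $1 = sysctl directory, $2 = parameter name
bridge_nf_value() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo absent; fi
}

# Classify a rules file as: missing, empty, malformed, ok.
# Assumption: "malformed" means the iptables-save structure is broken
# (rule outside a table, unknown line, or a table with no COMMIT).
check_rules_file() {
    [ -e "$1" ] || { echo missing; return; }
    [ -s "$1" ] || { echo empty; return; }
    awk '
        /^[ \t]*(#|$)/        { next }                       # comment or blank
        /^\*/                 { if (in_tbl) bad = 1; in_tbl = 1; tables++; next }
        /^COMMIT[ \t]*$/      { if (!in_tbl) bad = 1; in_tbl = 0; next }
        /^:/ || /^-/ || /^\[/ { if (!in_tbl) bad = 1; next } # chain or rule
                              { bad = 1 }                    # anything else
        END { print (bad || in_tbl || tables == 0) ? "malformed" : "ok" }
    ' "$1"
}

# Report whether the failure condition from the reply applies:
# bridge-nf-call-iptables is 1 and the rules file is not usable.
# $1 = sysctl directory, $2 = rules file. Returns 1 when at risk.
diagnose() {
    v=$(bridge_nf_value "$1" bridge-nf-call-iptables)
    state=$(check_rules_file "$2")
    if [ "$v" = 1 ] && [ "$state" != ok ]; then
        echo "at-risk: bridge-nf-call-iptables=1 and $2 is $state"
        return 1
    fi
    echo "ok: bridge-nf-call-iptables=$v, rules file is $state"
}
```
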