Dear Yalang, that did the trick. If I look in the NAT table of the bridge I can see the generated rules. Probably wouldn't have though about that ever. Thanks a lot! Best Sam On 29.12.18 06:51, Yalan Zhang wrote: > Hi Sam, > > You can find the rules by below command, and it looks as below: > # ebtables -t nat --list > Bridge table: nat > > Bridge chain: PREROUTING, entries: 2, policy: ACCEPT > -j PREROUTING_direct > -i vnet0 -j libvirt-I-vnet0 > > Bridge chain: OUTPUT, entries: 1, policy: ACCEPT > -j OUTPUT_direct > > Bridge chain: POSTROUTING, entries: 2, policy: ACCEPT > -j POSTROUTING_direct > -o vnet0 -j libvirt-O-vnet0 > > Bridge chain: PREROUTING_direct, entries: 0, policy: RETURN > > Bridge chain: POSTROUTING_direct, entries: 0, policy: RETURN > > Bridge chain: OUTPUT_direct, entries: 0, policy: RETURN > > Bridge chain: libvirt-I-vnet0, entries: 9, policy: ACCEPT > -j I-vnet0-mac > -p IPv4 -j I-vnet0-ipv4-ip > -p IPv4 -j ACCEPT > -p ARP -j I-vnet0-arp-mac > -p ARP -j I-vnet0-arp-ip > -p ARP -j ACCEPT > -p 0x8035 -j I-vnet0-rarp > -p 0x835 -j ACCEPT > -j DROP > > Bridge chain: libvirt-O-vnet0, entries: 4, policy: ACCEPT > -p IPv4 -j O-vnet0-ipv4 > -p ARP -j ACCEPT > -p 0x8035 -j O-vnet0-rarp > -j DROP > > Bridge chain: I-vnet0-mac, entries: 2, policy: ACCEPT > -s 52:54:0:3a:40:b7 -j RETURN > -j DROP > > Bridge chain: I-vnet0-ipv4-ip, entries: 3, policy: ACCEPT > -p IPv4 --ip-src 0.0.0.0 --ip-proto udp -j RETURN > -p IPv4 --ip-src 172.16.1.2 -j RETURN > -j DROP > > Bridge chain: O-vnet0-ipv4, entries: 1, policy: ACCEPT > -j ACCEPT > > Bridge chain: I-vnet0-arp-mac, entries: 2, policy: ACCEPT > -p ARP --arp-mac-src 52:54:0:3a:40:b7 -j RETURN > -j DROP > > Bridge chain: I-vnet0-arp-ip, entries: 2, policy: ACCEPT > -p ARP --arp-ip-src 172.16.1.2 -j RETURN > -j DROP > > Bridge chain: I-vnet0-rarp, entries: 2, policy: ACCEPT > -p 0x8035 -s 52:54:0:3a:40:b7 -d Broadcast --arp-op Request_Reverse > --arp-ip-src 0.0.0.0 --arp-ip-dst 0.0.0.0 --arp-mac-src 52:54:0:3a:40:b7 > --arp-mac-dst 52:54:0:3a:40:b7 -j ACCEPT > -j DROP > > Bridge chain: O-vnet0-rarp, entries: 2, policy: ACCEPT > -p 0x8035 -d Broadcast --arp-op Request_Reverse --arp-ip-src 0.0.0.0 > --arp-ip-dst 0.0.0.0 --arp-mac-src 52:54:0:3a:40:b7 --arp-mac-dst > 52:54:0:3a:40:b7 -j ACCEPT > -j DROP > > For interface set as: > <interface type='bridge'> > <mac address='52:54:00:3a:40:b7'/> > <source bridge='br0'/> > <target dev='vnet0'/> > <model type='rtl8139'/> > <filterref filter='clean-traffic'> > <parameter name='IP' value='172.16.1.2'/> > </filterref> > <alias name='net0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x03' > function='0x0'/> > </interface> > > > > ------- > Best Regards, > Yalan Zhang > IRC: yalzhang _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
