iptables problem under tuned bridge




Hi,

this is my bridge structure:
=========================================
brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0023aea32e26       no              eth0
                                                        tapxp
=========================================

I tunneled a tapxp for my XP virtual machine.
The host is CentOS 6 using eth0.

eth0 & tapxp are under bridge br0 and they work well.

I wish to open 22 for the host and 80 for XP to the outside.
Others to the outside are blocked.

But I also want to constrict nothing between the host and XP.

Now for the host it's OK to open 22, and others are blocked.
And I just want to open the connection between the host and XP now.

I tried the following command ....
==========================================================================
iptables -A OUTPUT -s argent -m physdev --physdev-in tapxp -j ACCEPT
iptables -A OUTPUT -s argent -m policy --dir out --mode tunnel --tunnel-dst 172.18.16.0/21 -j ACCEPT
iptables -A OUTPUT -j LOG --log-tcp-sequence --log-level debug --log-prefix 'OUTPUT:'
==========================================================================


but failed by logging this
================================================================
6381 Aug  8 15:45:04 argent kernel: OUTPUT:IN= OUT=br0 SRC="" DST=172.18.22.180 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54323 DF PROTO=TCP SPT=52595 DPT=3389 SEQ=1304299590 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
================================================================

From this log, I think it should be in the OUTPUT chain, not FORWARD,
but why could I open it?
1) Is there a much more verbose log that could be used, or could be opened?
2) How to solve this?

Thanks
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
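
Reading the logged line field by field, as an added example that is not part of the original post: a small parser for the kernel LOG output that reports whether a packet was locally generated and whether any bridge-port fields are present. The function names are illustrative, and the second line used in checking is constructed; PHYSIN/PHYSOUT are the fields the LOG target prints when bridge port information is attached to a packet.

```python
import re

# Log line copied from the post above (SRC is blank in the archived copy).
SAMPLE = (
    '6381 Aug  8 15:45:04 argent kernel: OUTPUT:IN= OUT=br0 SRC="" '
    'DST=172.18.22.180 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54323 DF '
    'PROTO=TCP SPT=52595 DPT=3389 SEQ=1304299590 ACK=0 WINDOW=5840 '
    'RES=0x00 SYN URGP=0'
)

FIELD = re.compile(r'\b([A-Z]+)=(\S*)')


def parse_log_line(line):
    """Split a netfilter LOG line into KEY=value fields and bare flag tokens."""
    body = line.partition('kernel: ')[2] or line
    fields = {key: value.strip('"') for key, value in FIELD.findall(body)}
    fields['FLAGS'] = [tok for tok in body.split() if '=' not in tok]
    return fields


def hook_context(fields):
    """Infer where the packet was seen from which interface fields are set."""
    has_in, has_out = bool(fields.get('IN')), bool(fields.get('OUT'))
    if has_out and not has_in:
        return 'local-out'    # generated on this host (OUTPUT/POSTROUTING)
    if has_in and not has_out:
        return 'local-in'     # addressed to this host (PREROUTING/INPUT)
    return 'forwarded' if has_in else 'unknown'


def summarize(line):
    """Return the facts that decide which match options can apply."""
    f = parse_log_line(line)
    ctx = hook_context(f)
    return {
        'context': ctx,
        'out_if': f.get('OUT') or None,
        'bridge_in_port': f.get('PHYSIN') or None,
        'bridge_out_port': f.get('PHYSOUT') or None,
        # iptables-extensions(8): --physdev-in applies only in the INPUT,
        # FORWARD and PREROUTING chains, so never to a locally generated packet.
        'physdev_in_can_match': ctx in ('local-in', 'forwarded'),
        'dst': f.get('DST'), 'dport': int(f.get('DPT', 0)),
        'syn_only': 'SYN' in f['FLAGS'] and 'ACK' not in f['FLAGS'],
    }


if __name__ == '__main__':
    print(summarize(SAMPLE))
```

For the line in the post this reports a locally generated SYN leaving via br0 with no bridge in-port recorded, so the first rule's `--physdev-in tapxp` match has nothing to match against in OUTPUT.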
