Scott Bronson wrote:
>
> iptables -t nat -I POSTROUTING -s 192.168.122.10 -d 192.168.122.10 -p tcp -j MASQUERADE
> iptables -t nat -I POSTROUTING -s 192.168.122.10 -d 192.168.122.10 -p udp -j MASQUERADE

Why restrict the MASQUERADE to TCP and UDP?

> Gotta say, running `echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables` in my
> script makes me a little queasy... but this page suggests that no other option
> will work cross-distro:
>
> http://wiki.libvirt.org/page/Net.bridge-nf-call_and_sysctl.conf
>
> I guess that's still the case?

Well, the problem is to make sure that the command is run after the bridge module has been loaded.

Maybe a way to achieve this is to use the "install" command in /etc/modprobe.conf or /etc/modprobe.d/bridge.conf to have modprobe itself run the command after loading the module:

install bridge /sbin/modprobe --ignore-install bridge $CMDLINE_OPTS ; echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables

(all on one line)

Of course it won't work if the module is loaded with insmod. Also, the manpage states that this command may become deprecated.