Sorry, it's my input error. When I hit the rules of tap1, I copied and pasted them for tap1 and tap2, but forgot to modify them altogether.

In my last mail, there are three kinds of errors about ebtables rules.

1. It should be ebtables, not ebtalbes.

2. In the following rule, it should be -A, not -p.

    ebtables -p tap2_OC --among-src 52:54:0:1:6c:c1=10.200.10.101 -j ACCEPT

3. In the FORWARD chain, it should be:

    ebtables -A FORWARD -i tap1 -j tap1_IC
    ebtables -A FORWARD -o tap1 -j tap1_OC
    ebtables -A FORWARD -i tap2 -j tap2_IC
    ebtables -A FORWARD -o tap2 -j tap2_OC
    ebtables -A FORWARD -i tap3 -j tap3_IC
    ebtables -A FORWARD -o tap3 -j tap3_OC

tap1_IC and tap1_OC are for tap1.
tap2_IC and tap2_OC are for tap2.
tap3_IC and tap3_OC are for tap3.

In my test, the Broadcast packets from VM1 won't enter into VM3, but the Multicast packets from VM1 enter into VM3. I don't know why.