I understand , but if you allow it in this CHAIN tap1_IC it will not go into the CHAIN for tap3_OC If you cannot find the issue , I guess you will need to take a look at the combined setup from the HOST if theses VMs . brctl show ifconfig ebtables-save ebtables -L And see if counters and tcpdumps of the interfaces and bridges can help you track down where the packets are going or being DROPed . Best regards André Paulsberg-Csibi Senior Network Engineer Fault Handling IBM Services AS andre.paulsberg-csibi@xxxxxxxx M +47 9070 5988 -----Original Message----- From: xiegaofeng@xxxxxxxxxxxxx [mailto:xiegaofeng@xxxxxxxxxxxxx] Sent: 11. mai 2017 09:01 To: André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>; Netfilter <netfilter@xxxxxxxxxxxxxxx> Subject: Re: Multicast does not work on ebtables Sorry, it's my input error. When hit the rules of tap1, I copied and pasted them for tap1 and tap2, but forgot to modify them altogether. In my last mail, there are three kinds of errors about ebtables rules. 1. It should be ebtables, not ebtalbes. 2. In the following rule, It should be -A, not -p. ebtables -p tap2_OC --among-src 52:54:0:1:6c:c1=10.200.10.101 -j ACCEPT 3. In the FORWARD chain, it should be: ebtables -A FORWARD -i tap1 -j tap1_IC ebtables -A FORWARD -o tap1 -j tap1_OC ebtables -A FORWARD -i tap2 -j tap2_IC ebtables -A FORWARD -o tap2 -j tap2_OC ebtables -A FORWARD -i tap3 -j tap3_IC ebtables -A FORWARD -o tap3 -j tap3_OC tap1_IC and tap1_OC are for tap1. tap2_IC and tap2_OC are for tap2. tap3_IC and tap3_OC are for tap3. In my test, the Broadcast packets from VM1 won't enter into VM3, but the Multicast packets from VM1 enter into VM3. I don't known why. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
