07-30-2010, 07:22 AM
Jimmy Stewpot

kvm bridging and ubuntu

Hello,

I have a working environment with the following configuration: eth0 is in the bridge br0, and I have a KVM virtual machine running perfectly. I now want to configure the host server (with br0) to have a set of iptables rules. Unfortunately, every time I add any rules to the interface br0/eth0 I lose all connectivity, despite having a permit/any/any rule for port 22. Can anyone provide any insight into why that would be the case?

Regards,

Jimmy.

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
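Added example (not from the thread): a firewall for the setup Jimmy describes, where eth0 is a port of br0. Two things catch people here. Once eth0 is enslaved, the host's own traffic is delivered through br0, so an INPUT rule with "-i eth0" never matches: a "permit port 22" written that way is dead while a drop written against br0 is live. And with net.bridge.bridge-nf-call-iptables set to 1 (the usual state once br_netfilter is loaded), frames bridged between the VM and eth0 also pass through the FORWARD chain, so a DROP policy there cuts the VM off. The script below matches the bridge, lets bridged frames through FORWARD with the physdev match (needs the xt_physdev module), and loads the ruleset with a timed rollback so a mistake undoes itself. The names br0, eth0, tcp/22, /tmp/fw.rules and /run/fw-rollback.pid are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Firewall for a KVM host whose NIC (eth0)
# is a port of bridge br0, loaded with an automatic rollback so a bad ruleset
# cannot lock you out of ssh. Assumed names: br0, ssh on tcp/22,
# /tmp/fw.rules for the generated ruleset, /run/fw-rollback.pid as the marker.

BRIDGE=${BRIDGE:-br0}
SSH_PORT=${SSH_PORT:-22}
ROLLBACK_PID=/run/fw-rollback.pid

# Print a complete ruleset in iptables-restore format. Order matters:
# loopback and established flows first, then new ssh, then the policy drop.
# INPUT matches the bridge, never the enslaved port; FORWARD lets bridged
# frames through so the VM keeps working when bridge-nf-call-iptables=1.
build_ruleset() {
  br=$1; ssh=$2
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $br -p tcp --dport $ssh -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $br -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
}

# Report whether bridged frames are filtered by iptables: 0, 1, or "absent"
# (br_netfilter not loaded, so iptables never sees bridged frames at all).
bridge_nf_state() {
  f=/proc/sys/net/bridge/bridge-nf-call-iptables
  if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Save the live rules, load the new ones, and schedule a restore of the old
# rules in $2 seconds. nohup keeps the timer alive if this ssh session dies,
# which is exactly the case the rollback exists for.
apply_with_rollback() {
  rules=$1; delay=${2:-120}
  backup=$(mktemp) || return 1
  iptables-save > "$backup" || return 1
  if ! iptables-restore < "$rules"; then
    rm -f "$backup"; return 1
  fi
  nohup sh -c "sleep $delay && iptables-restore < '$backup'; rm -f '$backup'" \
    >/dev/null 2>&1 &
  echo $! > "$ROLLBACK_PID"
  echo "applied; previous rules return in ${delay}s unless 'confirm' is run"
}

# Run from a NEW ssh session: if you can log in, the ruleset is good, keep it.
confirm_ruleset() {
  [ -f "$ROLLBACK_PID" ] || { echo "no pending rollback"; return 1; }
  kill "$(cat "$ROLLBACK_PID")" 2>/dev/null
  rm -f "$ROLLBACK_PID"
  echo "ruleset kept"
}

case "${1:-}" in
  generate) build_ruleset "$BRIDGE" "$SSH_PORT" ;;
  apply)    build_ruleset "$BRIDGE" "$SSH_PORT" > /tmp/fw.rules \
            && apply_with_rollback /tmp/fw.rules "${2:-120}" ;;
  confirm)  confirm_ruleset ;;
  check)    echo "bridge-nf-call-iptables=$(bridge_nf_state)" ;;
esac
```

Run "./fw.sh apply 120" from one ssh session, then open a second session and run "./fw.sh confirm"; if the second session cannot connect, the previous rules come back on their own after 120 seconds. iptables-restore replaces only the tables named in the file (here *filter), so an existing nat table is left alone. "./fw.sh check" tells you whether bridged frames are being filtered at all; setting net.bridge.bridge-nf-call-iptables=0 is the other way to keep the VM out of FORWARD, at the cost of filtering none of its traffic on the host.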
 
07-30-2010, 09:28 AM
Henning Sprang

kvm bridging and ubuntu

Hi Jimmy,

Can you be more specific and tell us exactly which rules you add, how, and to which interface, and what exactly happens then?

Which packets stop going the way they previously went, and how do you measure it?


Henning




 
07-30-2010, 12:42 PM
Dan Sheffner

kvm bridging and ubuntu

Here is the script I'm using on my server with br0 and eth0. The three services I have running are https, http, and ssh. I also have it set up so you can forward traffic through the KVM server, so basically the route of the virtual machines is the IP of the KVM server, and that passes the traffic on to the public network.

I am also in the same boat about having only ssh access to the server. What I do is schedule cron to reset iptables every 30 minutes, so when I do screw up ssh access and lock myself out I know that every 30 minutes I can get back in. Just don't forget that it does run every 30 minutes and could run while you are testing. Once you have iptables correct, remove the cron job that resets iptables.

Hope this helps some. Let me know what you are trying to accomplish with your iptables. eth0 is on the public side and br0 is on the private side. I also have my DNS servers on both the private and public network; not having DNS on the private side is a nightmare.


#!/bin/bash

# First we flush our current rules (filter and nat tables only)
iptables -F
iptables -t nat -F

# Setup default policies to handle unmatched traffic.
# NOTE: all three default to ACCEPT, so anything not explicitly
# rejected or dropped below is allowed.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Copy and paste these examples ...
export LAN=br0
export WAN=eth0

# Then we lock our services so they only work from the LAN
# (inserted at position 1 so they are evaluated before everything else)
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT

# Refuse DHCP and DNS requests that do not arrive from the LAN.
# "! -i" is the supported negation form; the older "-i !" form is
# deprecated and newer iptables warns about it.
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT

# (Optional) Allow access to our ssh server from the WAN
iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT

# Public web services
iptables -A INPUT -p TCP --dport http -i ${WAN} -j ACCEPT
iptables -A INPUT -p TCP --dport https -i ${WAN} -j ACCEPT

# Drop TCP / UDP packets to privileged ports (left disabled here; with the
# ACCEPT policy above, everything else below port 1024 stays reachable
# from the WAN until these are enabled)
#iptables -A INPUT -p TCP ! -i ${LAN} --dport 0:1023 -j DROP
#iptables -A INPUT -p UDP ! -i ${LAN} --dport 0:1023 -j DROP

# Finally we add the rules for NAT
iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT

iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

# Tell the kernel that ip forwarding is OK
echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done



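Dan's 30-minute cron reset recovers from a lockout after the fact; the script below, an added example rather than anything posted in the thread, tries to catch the mistake before the rules are loaded. It reads an iptables-save dump on stdin and, given the current bridge-nf-call-iptables value and the names of the bridge ports, flags the usual causes of Jimmy's symptom on a bridge host: an INPUT rule written against a bridge port (dead, because the host sees that traffic on the bridge), a catch-all DROP or a DROP policy with no live ESTABLISHED or ssh accept ahead of it, and a FORWARD DROP that swallows bridged VM traffic. The two dumps it runs against are constructed for the example; the first reproduces an ssh accept on eth0 followed by a drop on br0, the second is the corrected layout. The function names and the "demo"/"live" modes are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread: lint an iptables-save dump for the
# mistakes that lock you out of a KVM bridge host. Reads the dump on stdin.
#   audit_ruleset <bridge-nf-call-iptables value> <bridge port>...
# Prints one line per finding, nothing when the ruleset looks safe.
# Checks:
#   1. an INPUT rule matching "-i <port>" where <port> is a bridge member
#      (the host only sees that traffic on the bridge, so the rule is dead);
#   2. a catch-all DROP/REJECT in INPUT, or an INPUT DROP policy, with no live
#      ESTABLISHED or ssh ACCEPT ahead of it;
#   3. FORWARD policy DROP while bridge-nf-call-iptables=1 and no
#      "--physdev-is-bridged" bypass, which cuts the bridged VM off.
audit_ruleset() {
  nf=$1; shift
  awk -v ports="$*" -v nf="$nf" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) port[p[i]] = 1 }
    /^\*/ { table = substr($0, 2); next }
    table != "filter" { next }
    /^:INPUT DROP/   { in_drop = 1 }
    /^:FORWARD DROP/ { fwd_drop = 1 }
    /^-A INPUT / {
      dead = 0
      for (i = 2; i < NF; i++) {
        nic = $(i + 1)
        if ($i == "-i" && $(i - 1) != "!" && (nic in port)) {
          print "dead rule: " nic " is a bridge port, the host sees its traffic on the bridge: " $0
          dead = 1
        }
      }
      if (!dead && $0 ~ /-j ACCEPT/ && ($0 ~ /ESTABLISHED/ || $0 ~ /--dport (22|ssh)( |$)/))
        live_ok = 1
      if (!live_ok && $0 ~ /-j (DROP|REJECT)/ && $0 !~ /--dport/ && $0 !~ /INVALID/)
        print "lockout: catch-all before any live ESTABLISHED/ssh accept: " $0
    }
    /^-A FORWARD / && /--physdev-is-bridged/ && /-j ACCEPT/ { physdev_ok = 1 }
    /^COMMIT/ {
      if (in_drop && !live_ok)
        print "lockout: INPUT policy DROP with no live ESTABLISHED/ssh accept"
      if (fwd_drop && nf == 1 && !physdev_ok)
        print "bridge: FORWARD policy DROP with bridge-nf-call-iptables=1 and no physdev bypass; bridged VM traffic is dropped"
    }'
}

# Constructed dump that reproduces the lockout: the ssh accept names eth0
# (a bridge port) and the catch-all drop names br0.
sample_locked_out() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i br0 -j DROP
COMMIT
EOF
}

# Constructed dump with the corrected layout.
sample_safe() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i br0 -j DROP
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
}

# Number of findings for a sample function and a bridge-nf value; 0 is clean.
finding_count() {
  "$1" | audit_ruleset "$2" eth0 | wc -l | tr -d ' '
}

case "${1:-}" in
  demo)
    echo "== locked-out ruleset"; sample_locked_out | audit_ruleset 1 eth0
    echo "== safe ruleset";       sample_safe | audit_ruleset 1 eth0
    ;;
  live)
    # audit the running host:  iptables-save | ./audit.sh live eth0
    shift
    audit_ruleset "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || echo 0)" "$@"
    ;;
esac
```

On a live host run "iptables-save | ./audit.sh live eth0" (list every NIC that is a bridge port). The checks are heuristics over the text of the dump, looking for "--dport 22"/"ssh" and the ESTABLISHED state rather than simulating the packet path, so a clean report is a sanity check before loading rules, not a proof that you will stay connected.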
 
