Editing Bridge doesn't forward packets
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | Sometimes | + | Sometimes bridge can mysteriously drop the packets and not forward them. |
− | e.g. eyck user experienced a problem when some of the broadcasts were not | + | e.g. eyck user experienced a problem when some of the broadcasts were not delivered to VE via the bridge. |
− | delivered to | ||
Original report and the thread: [http://forum.openvz.org/index.php?t=tree&th=4052& forum thread] | Original report and the thread: [http://forum.openvz.org/index.php?t=tree&th=4052& forum thread] | ||
Line 7: | Line 6: | ||
== Simplest configuration == | == Simplest configuration == | ||
− | + | VE #101 with veth interface (veth101.0) connected to eth0 physical interface via bridge. | |
== Problem statement == | == Problem statement == | ||
− | We faced a situation when some of the broadcast packets were not delivered to | + | We faced a situation when some of the broadcast packets were not delivered to the VE. |
− | the | + | Actually it could happen with any packets, not with the broadcasts only. But broadcasts are |
− | broadcasts only. But broadcasts are simpler and obviously should have been | + | simpler and obviously should have been delivered to all the networking interfaces with no doubt. |
− | delivered to all the networking interfaces with no doubt. | ||
− | Using tcpdump we see that BOOTP/DHCP request is visible on br0 interface in | + | Using tcpdump we see that BOOTP/DHCP request is visible on br0 interface in the host system (VE0): |
− | the host system ( | ||
15:21:52.258220 00:1b:d5:2c:bf:38 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 350: 0.0.0.0.68 > 255.255.255.255.67: | 15:21:52.258220 00:1b:d5:2c:bf:38 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 350: 0.0.0.0.68 > 255.255.255.255.67: | ||
BOOTP/DHCP, Request from 00:1b:d5:2c:bf:38, length 308 | BOOTP/DHCP, Request from 00:1b:d5:2c:bf:38, length 308 | ||
Line 23: | Line 20: | ||
BOOTP/DHCP, Reply, length 300 | BOOTP/DHCP, Reply, length 300 | ||
− | However, eth0 inside | + | However, eth0 inside VE receives only 2nd packet with BOOTP/DHCP reply and doesn't see the 1st one with the request itself: |
15:21:52.291145 00:08:02:ac:36:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 172.17.8.254.67 > 255.255.255.255.68: | 15:21:52.291145 00:08:02:ac:36:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 172.17.8.254.67 > 255.255.255.255.68: | ||
BOOTP/DHCP, Reply, length 300 | BOOTP/DHCP, Reply, length 300 | ||
Line 29: | Line 26: | ||
== Resolution == | == Resolution == | ||
− | It is not obvious at all, but bridges (though | + | It is not obvious at all, but bridges (though have own ebtables filters) do also call iptables FORWARD chain when forwarding packets between interfaces. |
Thus your FORWARD iptables rules should allow all the packets which are supposed to go through. | Thus your FORWARD iptables rules should allow all the packets which are supposed to go through. | ||
Line 35: | Line 32: | ||
iptables -A FORWARD -d 255.255.255.255 -j ACCEPT | iptables -A FORWARD -d 255.255.255.255 -j ACCEPT | ||
to fix the issue. | to fix the issue. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
== Credits == | == Credits == |