==Enable bridging through the host firewall==11. The host firewall rules control which packets can pass through the bridge interfaces. Add FORWARD ACCEPT statements to the host iptables and ip6tables for each VE IPv4 and IPv6 address. You do NOT need to enable any special network forwarding via sysctl. host iptables: -A FORWARD -s xxx.xxx.xxx.xxx -j ACCEPT -A FORWARD -d xxx.xxx.xxx.xxx -j ACCEPT host ip6tables: -A FORWARD -s xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx -j ACCEPT -A FORWARD -d xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx -j ACCEPT Then restart both iptables and ip6tables on the host:  service iptables restart service ip6tables restart The above rules allow the VE iptables and ip6tables configuration to be fully independent of the host iptables and ip6tables configuration. 12. Verify the host and VE have connectivity to each other as well as to the rest of the network.