[libvirt] bug: network lock-out

Zdenek Styblik stybla at turnovfree.net
Tue Oct 5 19:23:40 UTC 2010


Hello,

I'm sorry to report this, but the network should start or stop regardless
of iptables status.

virsh # net-start default
error: Failed to start network default
error: internal error '/usr/sbin/iptables --table filter --delete INPUT
--in-interface virbr0 --protocol udp --destination-port 69 --jump
ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule
(does a matching rule exist in that chain?).

Ok, so I'm going to create this rule to make you happy.

virsh # net-start default
error: Failed to start network default
error: internal error '/usr/sbin/iptables --table mangle --delete
POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68
--jump CHECKSUM --checksum-fill' exited with non-zero status 2 and
signal 0: iptables v1.4.7: unknown option `--checksum-fill'
Try `iptables -h' or 'iptables --help' for more information.

And oops, because I don't have CHECKSUM support. And to note, it's not
even in the kernel. Relying on such features is unfriendly and below the belt :)

Once again, I'm locked by hard-coded features :( That's why I "fight"
against these.

btw it's strange to me that libvirt is deleting rules that shouldn't be
present since I want to start the network, not to stop it.

Let's dump all nwfilters and hope for a miracle...and nothing. Same
errors, although nwfilter rules are gone. What the ...? :|

libvirt-0.8.4

Regards,
Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla at turnovfree.net
jabber: stybla at jabber.turnovfree.net