[libvirt-users] nwfilter multiple IPs

Andre Goree andre at drenet.net
Thu Mar 29 21:30:21 UTC 2018


I'm trying to apply a nwfilter rule for two networks on the same guest 
interface, like so:

~ # virsh nwfilter-dumpxml 1081532-private-both
<filter name='1081532-private-both' chain='root'>
   <uuid>16004b94-2b62-4568-9467-169908eb4040</uuid>
   <rule action='accept' direction='in' priority='500'>
     <ip srcipaddr='10.25.104.0' srcipmask='24'/>
   </rule>
   <rule action='accept' direction='in' priority='600'>
     <ip srcipaddr='10.117.50.0' srcipmask='24'/>
   </rule>
   <rule action='drop' direction='in' priority='1000'/>
</filter>


Within the guest, the IPs are both set up on one interface, with the IP 
for the second network (10.117.50.0/24) configured as an alias, like so:

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
     link/ether 00:00:0a:d0:4e:f3 brd ff:ff:ff:ff:ff:ff
     inet 10.25.104.1/24 brd 10.25.104.255 scope global eth1
        valid_lft forever preferred_lft forever
     inet 10.117.50.1/24 brd 10.117.50.255 scope global eth1:0
        valid_lft forever preferred_lft forever
     inet6 fe80::200:aff:fed0:4ef3/64 scope link
        valid_lft forever preferred_lft forever


The problem I'm running into is that after applying the nwfilter, I 
cannot reach the second network, only the first.  Is this an issue with 
both IPs being on the same interface?  The machine I'm attempting to 
reach has the same exact configuration -- i.e. it has an IP on the same 
network for both networks.

Thanks in advance for any advice that can be given.

-- 
Andre Goree
-=-=-=-=-=-
Email     - andre at drenet.net
Website   - http://blog.drenet.net
PGP key   - http://www.drenet.net/pubkey.html
-=-=-=-=-=-



