You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Maurice Lawler <ma...@me.com> on 2013/04/27 01:35:50 UTC
Ebtables
Sorry...
Could someone please remind me, the chain I would need to delete from ebtables to permit traversing of a secondary IP on a specified instance?
== Output from Ebtables ==
-A i-2-9-VM-in -s ! 6:2f:ca:0:0:c -j DROP
-A i-2-9-VM-in -p ARP -s ! 6:2f:ca:0:0:c -j DROP
-A i-2-9-VM-in -p ARP --arp-mac-src ! 6:2f:ca:0:0:c -j DROP
-A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP
-A i-2-9-VM-in -p ARP --arp-op Request -j ACCEPT
-A i-2-9-VM-in -p ARP --arp-op Reply -j ACCEPT
-A i-2-9-VM-in -p ARP -j DROP
-A i-2-9-VM-out -p ARP --arp-op Reply --arp-mac-dst ! 6:2f:ca:0:0:c -j DROP
-A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
-A i-2-9-VM-out -p ARP --arp-op Request -j ACCEPT
-A i-2-9-VM-out -p ARP --arp-op Reply -j ACCEPT
-A i-2-9-VM-out -p ARP -j DROP
I'd appreciate any assistance in this matter.
Re: Ebtables
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
The below rules block the traffic from the secondary ips.
> -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP
> -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
you can either delete above rules or flush the chains.
Thanks,
Jayapal
On 27-Apr-2013, at 5:05 AM, Maurice Lawler <ma...@me.com>
wrote:
> Sorry...
>
> Could someone please remind me, the chain I would need to delete from ebtables to permit traversing of a secondary IP on a specified instance?
>
> == Output from Ebtables ==
>
> -A i-2-9-VM-in -s ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-in -p ARP -s ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-in -p ARP --arp-mac-src ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP
> -A i-2-9-VM-in -p ARP --arp-op Request -j ACCEPT
> -A i-2-9-VM-in -p ARP --arp-op Reply -j ACCEPT
> -A i-2-9-VM-in -p ARP -j DROP
> -A i-2-9-VM-out -p ARP --arp-op Reply --arp-mac-dst ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
> -A i-2-9-VM-out -p ARP --arp-op Request -j ACCEPT
> -A i-2-9-VM-out -p ARP --arp-op Reply -j ACCEPT
> -A i-2-9-VM-out -p ARP -j DROP
>
>
> I'd appreciate any assistance in this matter.
>
>
>
Re: Ebtables
Posted by Jayapal Reddy Uradi <ja...@citrix.com>.
The below rules block the traffic from the secondary ips.
> -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP
> -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
you can either delete above rules or flush the chains.
Thanks,
Jayapal
On 27-Apr-2013, at 5:05 AM, Maurice Lawler <ma...@me.com>
wrote:
> Sorry...
>
> Could someone please remind me, the chain I would need to delete from ebtables to permit traversing of a secondary IP on a specified instance?
>
> == Output from Ebtables ==
>
> -A i-2-9-VM-in -s ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-in -p ARP -s ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-in -p ARP --arp-mac-src ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-in -p ARP --arp-ip-src ! 66.232.104.216 -j DROP
> -A i-2-9-VM-in -p ARP --arp-op Request -j ACCEPT
> -A i-2-9-VM-in -p ARP --arp-op Reply -j ACCEPT
> -A i-2-9-VM-in -p ARP -j DROP
> -A i-2-9-VM-out -p ARP --arp-op Reply --arp-mac-dst ! 6:2f:ca:0:0:c -j DROP
> -A i-2-9-VM-out -p ARP --arp-ip-dst ! IPADDRESS.OF.INSTANCE -j DROP
> -A i-2-9-VM-out -p ARP --arp-op Request -j ACCEPT
> -A i-2-9-VM-out -p ARP --arp-op Reply -j ACCEPT
> -A i-2-9-VM-out -p ARP -j DROP
>
>
> I'd appreciate any assistance in this matter.
>
>
>