Bug #4680
Ebtables filtering too strict (can't talk to non-ONe hosts on the same network)
Status: | Closed | Start date: | 07/25/2016 |
---|---|---|---|
Priority: | Normal | Due date: | |
Assignee: | Jaime Melis | % Done: | 0% |
Category: | Drivers - Network | | |
Target version: | Release 5.2 | | |
Resolution: | | Pull request: | |
Affected Versions: | OpenNebula 4.12, OpenNebula 4.14, OpenNebula 5.0 | | |
Description
Note: this is a repost of the problem mentioned here:
https://forum.opennebula.org/t/ebtables-filtering-too-strict/2011
I use an ebtables-based VNet in order to be able to force the assigned MAC address for a VM. The problem is that Ebtables.rb also adds filtering in the other direction, which drops packets which are not from the assigned MAC address range of a given VNET. This is incorrect, because the VNET can also be bridged to non-ONe infrastructure, where other MAC addresses can legally appear. In my case, the VM on an ebtables-based VNET cannot receive the DHCP reply from a non-ONe DHCP server.
My suggested fix is to omit the call to ebtables(in_rule) in /var/lib/one/remotes/vnm/ebtables/Ebtables.rb line 52 or so altogether.
The issue is present in 4.12, 4.14, and 5.0.2.
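The behaviour reported above, modelled as an added example (not OpenNebula's Ebtables.rb and not the reporter's code): it evaluates the outbound MAC-forcing rule and the inbound range rule over four constructed frames, with and without the inbound rule. The MAC addresses, the `ff:ff:ff:ff:ff:00` range mask, the tap name and all function names are assumptions made for the illustration.

```ruby
# Added illustration, not OpenNebula's Ebtables.rb. MAC addresses, the mask
# and the interface names are constructed sample values.
Frame = Struct.new(:src_mac, :in_if, :out_if)

VM_MAC    = '02:00:c0:a8:01:0a' # MAC assigned to the VM (constructed)
VNET_MASK = 'ff:ff:ff:ff:ff:00' # assumed width of the VNet MAC range
TAP       = 'one-42-0'          # the VM's tap device on the bridge (constructed)

def mac_to_i(mac)
  mac.delete(':').to_i(16)
end

# True when src shares the VNet prefix with the VM's MAC under the mask.
def in_vnet_range?(src)
  mask = mac_to_i(VNET_MASK)
  (mac_to_i(src) & mask) == (mac_to_i(VM_MAC) & mask)
end

# Verdict for one bridged frame. inbound_filter toggles the rule the report
# proposes to omit.
def verdict(frame, inbound_filter:)
  # Outbound rule: frames entering the bridge from the VM's tap must carry
  # the assigned MAC (this is the anti-spoofing the reporter wants to keep).
  return :drop if frame.in_if == TAP && frame.src_mac.downcase != VM_MAC
  # Inbound rule: frames leaving towards the VM's tap must come from a MAC
  # inside the VNet range, which excludes hosts not managed by OpenNebula.
  return :drop if inbound_filter && frame.out_if == TAP && !in_vnet_range?(frame.src_mac)

  :accept
end

FRAMES = {
  dhcp_reply_external: Frame.new('00:25:90:aa:bb:cc', 'eth0', TAP),
  peer_vm_same_vnet:   Frame.new('02:00:c0:a8:01:0b', 'one-43-0', TAP),
  vm_assigned_mac:     Frame.new(VM_MAC, TAP, 'eth0'),
  vm_spoofed_mac:      Frame.new('02:00:de:ad:be:ef', TAP, 'eth0')
}.freeze

# Map each sample frame to its verdict for the chosen configuration.
def evaluate(inbound_filter)
  FRAMES.transform_values { |f| verdict(f, inbound_filter: inbound_filter) }
end

if __FILE__ == $PROGRAM_NAME
  puts "with inbound rule:    #{evaluate(true)}"
  puts "without inbound rule: #{evaluate(false)}"
end
```

In this model, dropping the inbound rule changes only the verdict for the external DHCP reply; the spoofed-source frame from the VM is still dropped by the outbound rule.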
Related issues
Associated revisions
Bug #4680: Ebtables filtering too strict (can't talk to non-ONe hosts on
the same network)
History
#1 Updated by Carlos Martín almost 5 years ago
- Target version set to Release 5.2
#2 Updated by Ruben S. Montero almost 5 years ago
- Status changed from Pending to New
- Priority changed from Low to Normal
#3 Updated by Ruben S. Montero almost 5 years ago
- Assignee set to Jaime Melis
#4 Updated by Ruben S. Montero almost 5 years ago
- Related to Bug #4727: Openvswitch driver always add mac spoofing rules added
#5 Updated by Ruben S. Montero almost 5 years ago
- Related to Feature #3387: Make OpenNebulaNetwork.conf settings overridable per network added
#6 Updated by Jaime Melis almost 5 years ago
- Status changed from New to Closed