Hello,
I started playing with KVM and set up a few bridges and VLANs for VMs. I found some articles and examples, but all of them are for old distributions.
I currently run KVM on Kubuntu 16.10 on my laptop with a single NIC connected over USB. I know that this isn't a nice combination, but it works for me for testing. I set up bridges and VLANs using the great script in: http://serverfault.com/questions/543...m-guests-linux
since I can make it functional using static configuration in /etc/network/interfaces for some reason.
One thing that I'm struggling with is how to disable iptables processing for all bridges for security and performance reasons.
I found some old articles that have instructions to add to /etc/sysctl.conf:
Code:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
This setup causes an error when running: sysctl -p
In the man page http://manpages.ubuntu.com/manpages/...ysctl.d.5.html
I found probably more current instructions.
My current configuration is:
new file: /etc/udev/rules.d/99-bridge.rules:
Code:
ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/lib/systemd/systemd-sysctl --prefix=/net/bridge"
new file: /etc/sysctl.d/bridge.conf:
Code:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# I added this, not specified in man page
net.bridge.bridge-nf-filter-pppoe-tagged = 0
# I added this, not specified in man page
net.bridge.bridge-nf-filter-vlan-tagged = 0
Could you please tell me, is it the correct configuration? How can I check that the configuration works? Thank you.
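One way to check the result, as an added example that is not part of the original post: the net.bridge.* keys appear under /proc/sys/net/bridge only while the br_netfilter module is loaded, so the check first looks for that directory and then reads each key the post sets. The function name `check_bridge_nf`, its optional directory argument and the `--live` switch are assumptions made for this example.

```bash
#!/bin/sh
# Added example: check that bridged frames are not handed to iptables,
# ip6tables or arptables. check_bridge_nf, its optional directory
# argument and --live are names made up for this example.

# The five keys set in the post's /etc/sysctl.d/bridge.conf
BRIDGE_NF_KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables
bridge-nf-call-arptables bridge-nf-filter-pppoe-tagged
bridge-nf-filter-vlan-tagged"

# check_bridge_nf [DIR]   (DIR defaults to the live procfs location)
#   returns 0: every key reads 0
#   returns 1: at least one key is non-zero or cannot be read
#   returns 2: DIR is absent, i.e. br_netfilter is not loaded and the
#              keys do not exist (writing them with sysctl fails)
check_bridge_nf() {
    _dir="${1:-/proc/sys/net/bridge}"
    _rc=0
    if [ ! -d "$_dir" ]; then
        echo "NOT LOADED  $_dir does not exist (br_netfilter absent)"
        return 2
    fi
    for _key in $BRIDGE_NF_KEYS; do
        if [ ! -r "$_dir/$_key" ]; then
            echo "MISSING  $_key"
            _rc=1
            continue
        fi
        _val=$(tr -d '[:space:]' < "$_dir/$_key")
        if [ "$_val" = "0" ]; then
            echo "OK       $_key = 0"
        else
            echo "ENABLED  $_key = $_val"
            _rc=1
        fi
    done
    return "$_rc"
}

# "sh thisfile --live" checks the running kernel; the exit status is the result
if [ "${1:-}" = "--live" ]; then
    check_bridge_nf
fi
```

Running it once right after boot and again after `modprobe br_netfilter` shows whether the udev rule re-applied the values when the module was loaded.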