Package: linux-2.6 Version: 2.6.26-17lenny1 Severity: normal This happens when I add -j LOG to the top of the INPUT and FORWARD chains and ping the VE (2001:4b78:1:0200::1) from an external host:
Aug 8 12:28:06 web01 kernel: [70845.790963] IN=eth0 OUT=venet0 SRC=2001:1418:0001:0700:0000:0000:0000:000a DST=2001:4b78:0001:0200:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=59 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=11237 SEQ=1 The same packet then *also* traverses the INPUT chain: Aug 8 12:28:06 web01 kernel: [70845.790963] IN=venet0 OUT= MAC= SRC=2001:1418:0001:0700:0000:0000:0000:000a DST=2001:4b78:0001:0200:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=59 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=11237 SEQ=1 Looks like the IPv6 packets entering the VE (where I have not configured ip6tables) are incorrectly processed by the HN instead of the VE chains. Linux web01 2.6.26-2-openvz-686 #1 SMP Sun Jul 26 23:35:12 UTC 2009 i686 GNU/Linux -- ciao, Marco
signature.asc
Description: Digital signature