Hi,
I'm not sure but I think I suffer under the same problem with a bit
different setup with squeeze testing and xen 4.0rc5.
In fact I'm using bridges in the dom0 and the connections to the domU
get lost sporadically.
In don't see where's a solution to the problem... Is it now a bug? When
it's an iptables bug, where's the corresponding bug in the iptables
bugtracker and what exactly is iptables doing wrong.
You stated "...but as the syslog message clearly indicates this rule
works perfectly when the traffic is bridged."
I'm using bridges but it's not working obviously.
/etc/network/interfaces
auto br0
allow-hotplug br0
iface br0 inet static
address 10.100.200.20
netmask 255.255.255.0
dns-nameservers 10.100.200.3
gateway 10.100.200.3
bridge_ports eth0
allow-hotplug br1
auto br1
iface br1 inet manual
bridge_ports eth1
This is my logs:
Sep 6 09:47:14 elise kernel: [71970.564974] br1: port 2(vif1.1)
entering disabled state
Sep 6 09:47:14 elise kernel: [71970.578040] br1: port 2(vif1.1)
entering disabled state
Sep 6 09:47:14 elise kernel: [71970.718785] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:14 elise kernel: [71970.718797] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:14 elise kernel: [71970.718803] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:14 elise kernel: [71970.724864] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:14 elise kernel: [71970.724874] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:15 elise kernel: [71970.871846] br0: port 2(vif1.0)
entering disabled state
Sep 6 09:47:15 elise kernel: [71970.890073] br0: port 2(vif1.0)
entering disabled state
Sep 6 09:47:15 elise kernel: [71971.010275] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:15 elise kernel: [71971.010286] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:15 elise kernel: [71971.016391] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71972.912040] device vif3.0 entered
promiscuous mode
Sep 6 09:47:17 elise kernel: [71972.915898] br0: port 2(vif3.0)
entering learning state
Sep 6 09:47:17 elise kernel: [71972.948656] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71972.953266] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71972.953273] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71972.986255] device vif3.1 entered
promiscuous mode
Sep 6 09:47:17 elise kernel: [71972.990441] br1: port 2(vif3.1)
entering learning state
Sep 6 09:47:17 elise kernel: [71973.011096] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71973.011102] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71973.016383] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71973.016392] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:17 elise kernel: [71973.016398] physdev match: using
--physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for
non-bridged traffic is not supported anymore.
Sep 6 09:47:18 elise kernel: [71974.706987] blkback: ring-ref 8,
event-channel 8, protocol 1 (x86_64-abi)
Sep 6 09:47:18 elise kernel: [71974.734701] blkback: ring-ref 9,
event-channel 9, protocol 1 (x86_64-abi)
Sep 6 09:47:32 elise kernel: [71987.913527] br0: port 2(vif3.0)
entering forwarding state
Sep 6 09:47:32 elise kernel: [71987.988031] br1: port 2(vif3.1)
entering forwarding state
