On 16.06.2014 11:49, Alexandre DERUMIER wrote:
>>> I think this should get cleaned in that case?
>
> currently the cleanup is done:
>
> at vm shutdown
> at vm start
> when you disable|enable firewall on netX through api
>
> but indeed we can improve that (I'll try to have a look at it)
>
>
>>> I just don't get why it works for vmbr1 but not for vmbr0.
>
> can you try to manually add
>
> #brctl addif fwln2004i0 fwbr2004i0
> #brctl addif fwpr2004p0 vmbr0

OK, what I did:

# brctl addbr fwbr2004i0
# ip link set fwbr2004i0 up
# ip link add name fwln2004i0 type veth peer name fwpr2004p0 mtu 1500
# ip link set fwln2004i0 up
# ip link set fwpr2004p0 up
# brctl addif fwbr2004i0 fwln2004i0
# brctl addif vmbr0 fwpr2004p0
can't add fwpr2004p0 to bridge vmbr0: Unknown error 524

But brctl addif vmbr1 fwpr2004p0 works fine ?!?!

# brctl addif vmbr1 fwpr2004p0; echo $?
0
#

I don't get it.

Stefan

> ----- Original message -----
>
> From: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag>
> To: "Alexandre DERUMIER" <aderum...@odiso.com>
> Cc: pve-devel@pve.proxmox.com
> Sent: Monday 16 June 2014 11:40:59
> Subject: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524
>
> On 16.06.2014 11:37, Alexandre DERUMIER wrote:
>>>> What is the difference between the normal tap device without firewall -
>>>> which works fine for me on vmbr0 and vmbr1 and the firewall tap one?
>>
>> There is no difference.
>>
>> we just need a dedicated bridge (fwbrxxx) per firewalled tap interface,
>> and this bridge is plugged to vmbrX through a veth pair (fwprxxxx)
>
> I just don't get why it works for vmbr1 but not for vmbr0.
>
> I don't see a difference.
>
> Generally if adding the bridge fails for whatever reason there is a lot
> of unremoved stuff:
>
> [: ~]# ip a l | grep fwbr
> 14: fwbr2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> 16: fwln2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr2004i0 state UP qlen 1000
>
> [: ~]# ifconfig| grep ^fw
> fwbr2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92
> fwln2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92
> fwpr2004p0 Link encap:Ethernet HWaddr b2:47:35:28:2c:de
>
> I think this should get cleaned in that case?
>
> Stefan
>
>>
>> ----- Original message -----
>>
>> From: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag>
>> To: "Alexandre DERUMIER" <aderum...@odiso.com>
>> Cc: pve-devel@pve.proxmox.com
>> Sent: Monday 16 June 2014 11:29:00
>> Subject: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524
>>
>> What is the difference between the normal tap device without firewall -
>> which works fine for me on vmbr0 and vmbr1 and the firewall tap one?
>>
>> Stefan
>> On 16.06.2014 11:10, Stefan Priebe - Profihost AG wrote:
>>> Hi,
>>>
>>> I get the same problem with the official redhat PVE Kernel.
>>>
>>> What I don't understand is that it works fine with vmbr1 but not with
>>> vmbr0.
>>>
>>> Interfaces file on host:
>>>
>>> auto vmbr0
>>> iface vmbr0 inet static
>>>     address XX.XX.XX.XX
>>>     netmask 255.255.255.128
>>>     gateway XX.XX.XX.XX
>>>     bridge_ports bond0
>>>     bridge_stp off
>>>     bridge_fd 0
>>>
>>> auto vmbr1
>>> iface vmbr1 inet manual
>>>     bridge_ports bond1
>>>     bridge_stp off
>>>     bridge_fd 0
>>>
>>> Stefan
>>>
>>> On 16.06.2014 09:50, Alexandre DERUMIER wrote:
>>>>>> Do I need a special kernel feature?
>>>> I don't think so.
>>>> It just creates a veth pair, then plugs them into the bridge.
>>>>
>>>> I checked my logs, I don't have these
>>>>
>>>> "netpoll: (null): fwpr2004p0 doesn't support polling, aborting "
>>>>
>>>> do you use a custom kernel ?
>>>
>>> Stefan
>>>
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
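
The cleanup gap raised in the thread (fwbr/fwln/fwpr devices left behind when `brctl addif` on vmbrX fails) can be closed by rolling back as soon as a step fails. The script below is an added example, not Proxmox code and not code from the mail; the `run` wrapper and the function names are assumptions, while the device names and commands follow the manual test above.

```sh
#!/bin/sh
# Added example (not Proxmox code): build the fwbr/veth chain from the thread
# and undo it when any step fails, so no fw* devices are left behind.

# run: thin command wrapper. It is an assumption of this example; redefining
# it lets a failure be simulated without touching real interfaces.
run() { "$@"; }

# Device names as they appear in the thread, for VM id $1 and NIC index $2.
fw_names() {
    fwbr="fwbr${1}i${2}"   # dedicated firewall bridge
    fwln="fwln${1}i${2}"   # veth end enslaved to the firewall bridge
    fwpr="fwpr${1}p${2}"   # veth end plugged into vmbrX
}

# Remove whatever part of the chain exists. Deleting one veth end also
# removes its peer, so fwpr goes away together with fwln.
fw_link_down() {
    fw_names "$1" "$2"
    run ip link del "$fwln" 2>/dev/null || true
    run ip link set "$fwbr" down 2>/dev/null || true
    run brctl delbr "$fwbr" 2>/dev/null || true
}

# fw_link_up VMID IDX BRIDGE: the same steps as the manual test in the mail,
# chained so that the first failing command stops the sequence.
fw_link_up() {
    fw_names "$1" "$2"
    # If the bridge cannot be created, nothing of ours exists yet: no rollback.
    run brctl addbr "$fwbr" || return
    run ip link set "$fwbr" up &&
    run ip link add name "$fwln" type veth peer name "$fwpr" mtu 1500 &&
    run ip link set "$fwln" up &&
    run ip link set "$fwpr" up &&
    run brctl addif "$fwbr" "$fwln" &&
    run brctl addif "$3" "$fwpr" && return 0
    rc=$?
    echo "setting up $fwbr on $3 failed (rc=$rc), rolling back" >&2
    fw_link_down "$1" "$2"
    return "$rc"
}

# Usage (as root): sh fwlink.sh 2004 0 vmbr0
if [ "$#" -eq 3 ]; then
    fw_link_up "$@"
fi
```

The caller still sees the original non-zero status, so the failure on vmbr0 stays visible while `ip a l | grep fw` comes back empty afterwards.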