[pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524
Alexandre DERUMIER
aderumier at odiso.com
Mon Jun 16 11:49:24 CEST 2014
>>I think this should get cleaned in that case?
currently the cleanup is done:
at vm shutdown
at vm start
when you disable|enable firewall on netX through api
but indeed we can improve that (I'll try to have a look at it)
>>I just don't get why it works for vmbr1 but not for vmbr0.
can you try to manually add
#brctl addif fwln2004i0 fwbr2004i0
#brctl addif fwpr2004p0 vmbr0
?
----- Mail original -----
De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Lundi 16 Juin 2014 11:40:59
Objet: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524
Am 16.06.2014 11:37, schrieb Alexandre DERUMIER:
>>> What is the difference between the normal tap device without firewall -
>>> which works fine for me on vmbr0 and vmbr1 and the firewall tap one?
>
> They are not difference.
>
> we just need a dedicated bridge (fwbrxxx) by firewalled tap interface,
> and this bridge is plugged to vmbrX through a veth pair( fwprxxxx)
I just don't get why it works for vmbr1 but not for vmbr0.
I don't see a difference.
Generally if adding the bridge fails for whatever reason there is a lot
of unremoved stuff:
[: ~]# ip a l | grep fwbr
14: fwbr2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
16: fwln2004i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master fwbr2004i0 state UP qlen 1000
[: ~]# ifconfig| grep ^fw
fwbr2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92
fwln2004i0 Link encap:Ethernet HWaddr d2:74:33:d9:50:92
fwpr2004p0 Link encap:Ethernet HWaddr b2:47:35:28:2c:de
I think this should get cleaned in that case?
Stefan
>
> ----- Mail original -----
>
> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
> À: "Alexandre DERUMIER" <aderumier at odiso.com>
> Cc: pve-devel at pve.proxmox.com
> Envoyé: Lundi 16 Juin 2014 11:29:00
> Objet: Re: [pve-devel] can't add fwpr2004p0 to bridge vmbr0: Unknown error 524
>
> What is the difference between the normal tap device without firewall -
> which works fine for me on vmbr0 and vmbr1 and the firewall tap one?
>
> Stefan
> Am 16.06.2014 11:10, schrieb Stefan Priebe - Profihost AG:
>> Hi,
>>
>> i get the same problem with the official redhat PVE Kernel.
>>
>> What i don't understand is that it works fine with vmbr1 but not with
>> vmbr0.
>>
>> Interfaces file on host:
>>
>> auto vmbr0
>> iface vmbr0 inet static
>> address XX.XX.XX.XX
>> netmask 255.255.255.128
>> gateway XX.XX.XX.XX
>> bridge_ports bond0
>> bridge_stp off
>> bridge_fd 0
>>
>> auto vmbr1
>> iface vmbr1 inet manual
>> bridge_ports bond1
>> bridge_stp off
>> bridge_fd 0
>>
>> Stefan
>>
>> Am 16.06.2014 09:50, schrieb Alexandre DERUMIER:
>>>>> Do i need a special kernel feature?
>>> I don't think.
>>> It's just create a veth pair, then plug them in bridge.
>>>
>>> I check my logs, I don't have theses
>>>
>>> "netpoll: (null): fwpr2004p0 doesn't support polling, aborting "
>>>
>>> do you use a custom kernel ?
>>
>> Stefan
>>
More information about the pve-devel
mailing list