This is the same behavior I see on Ubuntu 12.04 (developer branch).
I don't remember seeing this on a 2.6.38 backport to Lucid before.
During 12.04 testing I had to add this:
case node[:lsb][:codename]
when 'precise'
  # Ubuntu 12.04 iptables FORWARD section will control the bridge (bridging) by default.
  # Without the following adjustment VM guests' network will not be reachable
  # beyond the VM host when the FORWARD policy is set to DROP or REJECT.

  # Adjust firewall immediately
  execute "/sbin/sysctl -w 'net.bridge.bridge-nf-call-iptables=0'" do
    only_if { File.exist?('/proc/sys/net/bridge') }
  end

  # Also at boot time
  execute "echo 'net.bridge.bridge-nf-call-iptables=0' >> /etc/sysctl.conf" do
    only_if do
      File.exist?('/proc/sys/net/bridge') && \
      File.open("/etc/sysctl.conf").grep(/^net\.bridge\.bridge-nf-call-iptables=0/).empty?
    end
  end
end
I made a copy of linux-lts-backport-natty: 2.6.38-13.56~lucid1 into
https://launchpad.net/~nutznboltz/+archive/lp-931806-testing
and installed that on a KVM server.
By default now:
net.bridge.bridge-nf-call-iptables = 1
VM guest is firewalled off, can only reach the VM host.
If I run:
$ sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-iptables = 0
Then the VM guest can access the network.
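An added example, not part of the original comment or the poster's recipe: the boot-time step of the recipe written as a pure function that sets the key in sysctl.conf text idempotently, including when the file already holds the key with spaces around "=" or with the value 1. The helper name ensure_sysctl and the sample file contents are constructed for illustration.

```ruby
# Added example (not from the original comment). ensure_sysctl is a
# hypothetical helper name; the sample sysctl.conf text is constructed.

KEY = 'net.bridge.bridge-nf-call-iptables'

# Return conf_text with `key=value` set exactly once.
# - an existing assignment of the key (any spacing around '=') is rewritten
#   in place; later duplicates of the key are dropped
# - commented-out lines are left alone
# - if the key is absent, the assignment is appended
def ensure_sysctl(conf_text, key, value)
  pattern = /\A\s*#{Regexp.escape(key)}\s*=/
  wanted  = "#{key}=#{value}"
  seen    = false

  lines = conf_text.lines.map(&:chomp).each_with_object([]) do |line, out|
    if line =~ pattern
      out << wanted unless seen   # keep only the first occurrence
      seen = true
    else
      out << line
    end
  end

  lines << wanted unless seen
  lines.join("\n") + "\n"
end

# Constructed sample: the key is present with spaces and value 1, a form
# that a grep for the exact string "key=0" at line start does not match.
SAMPLE = <<~CONF
  # /etc/sysctl.conf (constructed sample)
  net.ipv4.ip_forward=1
  #net.bridge.bridge-nf-call-iptables=1
  net.bridge.bridge-nf-call-iptables = 1
CONF

if __FILE__ == $PROGRAM_NAME
  updated = ensure_sysctl(SAMPLE, KEY, 0)
  puts updated
  # A second pass changes nothing, so it is safe to apply on every run.
  puts "idempotent: #{ensure_sysctl(updated, KEY, 0) == updated}"
end
```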