Comment 8 for bug 573461

Derek Simkowiak (ubuntu-cool-st) wrote :

Ubuntu 10.04.1. Neither of the above workarounds works for me.

I can connect to my server if ufw is disabled with "ufw disable". But as soon as I turn on ufw, I cannot connect to it. I have bridged networking. (I use this server for both KVM and LXC, but during testing I turned off all KVM VMs and LXC containers.)

# On the server:
root@cst6:~# ufw disable
Firewall stopped and disabled on system startup
root@cst6:~# tail -n 3 /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
root@cst6:~# sysctl -p /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
root@cst6:~# tail -n 2 /etc/ufw/before.rules
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
root@cst6:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@cst6:~#

# Then I get filtered on my laptop:
derek@derek-laptop:~$ telnet cst6 22
Trying 192.168.2.13...
telnet: Unable to connect to remote host: Connection timed out
derek@derek-laptop:~$

I can see the packets getting filtered in the server's /var/log/messages (192.168.2.10 is the laptop, .2.16 is the server):

Apr 9 15:53:46 cst6 kernel: [ 1833.009899] [UFW BLOCK] IN=br0 OUT= MAC=94:0c:6d:bc:no:no:no:no:no:no:no:no:no:no SRC=192.168.2.10 DST=192.168.2.13 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52607 DF PROTO=TCP SPT=41819 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

The rest of the UFW configuration is at its defaults. I have two bridges, br0 and br1. The one I'm playing with, br0, is on DHCP (not that it matters).

Any other solutions? I've looked at my rules with iptables -L but I don't see anything weird.

This is not specific to KVM or libvirt, I don't think. I've taken KVM out of the picture. Any help is appreciated.
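Editor's note, with an added example that is not part of the comment above. The logged packet has IN=br0 and an empty OUT=, which in the netfilter log format means it was addressed to the host itself and dropped on the INPUT path, not bridged through FORWARD. The physdev rule in before.rules and the net.bridge.bridge-nf-call-* sysctls only affect frames the bridge forwards between ports, so they cannot admit SSH traffic aimed at the host's own br0 address. The script below triages a "[UFW BLOCK]" line by its IN=/OUT= fields and, for an INPUT drop, prints the ufw rule that matches the logged flow. The sample log lines are constructed (modelled on the one in the comment, MAC redacted); the rule suggestion assumes the goal is to accept that service on that interface.

```shell
#!/bin/sh
# Added example (not from the bug report): classify "[UFW BLOCK]" kernel log
# lines by the netfilter path they took, using only the IN= and OUT= fields.
#   IN set, OUT empty  -> INPUT   (packet was for the host itself)
#   IN set, OUT set    -> FORWARD (packet was bridged/routed through the host)
#   IN empty, OUT set  -> OUTPUT  (packet originated on the host)

# Constructed sample, modelled on the line in the report (MAC redacted).
SAMPLE='Apr 9 15:53:46 cst6 kernel: [ 1833.009899] [UFW BLOCK] IN=br0 OUT= MAC=94:0c:6d:bc:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.2.10 DST=192.168.2.13 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=52607 DF PROTO=TCP SPT=41819 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# field LINE KEY -> value of "KEY=" in LINE (empty if absent or empty).
# The key must be preceded by whitespace so PHYSIN= is not mistaken for IN=.
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# chain LINE -> INPUT | FORWARD | OUTPUT | UNKNOWN
chain() {
    in=$(field "$1" IN)
    out=$(field "$1" OUT)
    if   [ -n "$in" ] && [ -z "$out" ]; then echo INPUT
    elif [ -n "$in" ] && [ -n "$out" ]; then echo FORWARD
    elif [ -z "$in" ] && [ -n "$out" ]; then echo OUTPUT
    else echo UNKNOWN
    fi
}

# suggest LINE -> what to look at for this drop. Only INPUT drops get a
# concrete ufw rule; bridged drops are governed by the FORWARD chain and the
# bridge-nf-call sysctls, not by "ufw allow <port>".
suggest() {
    case $(chain "$1") in
        INPUT)
            proto=$(field "$1" PROTO | tr '[:upper:]' '[:lower:]')
            echo "ufw allow in on $(field "$1" IN) proto $proto to any port $(field "$1" DPT)"
            ;;
        FORWARD)
            echo "bridged frame: check net.bridge.bridge-nf-call-iptables and the FORWARD chain (physdev rule)"
            ;;
        *)
            echo "no suggestion"
            ;;
    esac
}

# Stand-alone run: triage the sample line.
printf 'chain: %s\n' "$(chain "$SAMPLE")"
printf 'try:   %s\n' "$(suggest "$SAMPLE")"
```

Run it against real lines with `grep 'UFW BLOCK' /var/log/messages | while read -r l; do chain "$l"; done` after sourcing the functions; a steady stream of INPUT verdicts on DPT=22 means the host's own input policy is what needs a rule, whereas FORWARD verdicts point back at the bridge settings the comment already changed.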