Versions Compared

Old Version 13

changes.mady.by.user Bruno Miretti

Saved on

compared with

New Version 14

changes.mady.by.user Bruno Miretti

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
TOC
TOC
Include Page
KBCOMMON:KB-CSSstyle
KBCOMMON:KB-CSSstyle

...

# ncu

CHARON Network Configuration Utility,  Version 1.6. Copyright (C) 2014-2019 STROMASYS SA. 
 
Interfaces Dedicated to State 
---------- ------------ ----- 
eth0 host connected to host 
eth1 host disconnected from host 
lo host unmanaged from host 
================================================================= 
bridge name bridge id STP enabled interfaces 
========================== VLAN ================================= 
================================================================= 
 select action: 
1 - Dedicate to CHARON 
2 - Release to host 
3 - Create Bridge with TAPs 
4 - Remove Bridge 
5 - Add VLAN 
6 - Remove VLAN 
7 - Print status 
8 - Exit

:> 3

...

  1. Login as "root" user.

  2. Configure the physical network interface to run in promiscuous mode using the following command. This interface will be dedicated to the whole network bridge (created later).

    # ifconfig eth<N> 0.0.0.0 promisc up

    The promiscuous mode allows the physical (or virtual) network interface to accept the entire volume of incoming packets. This mode is essential for consistency of the information transfer.

  3. In case the firewall is enabled on the host system, the following command should be executed to allow the bridge to forward IP packets.

    Red Hat Enterprise Linux 6.x:

    # /sbin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

    This command can also be performed from the bridge configuration script. It has to be executed each time the iptables service is (re)started.

    It is also possible to make this setting system-wide. Either:

    1. Issue the given command from the firewall control panel.

    2. Add the following line to the end of the "/etc/sysconfig/iptables" file:

      -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT


    Red Hat Enterprise Linux 7.x and CentOS 7.x (the '>' sign below is the continuation line character):

    # firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -m physdev --physdev-is-bridged \

    -j ACCEPT

    # firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 1 -m physdev --physdev-is-bridged \

    > -j ACCEPT

    # firewall-cmd --reload


...