ebtables rules limit

Issues related to applications and software problems
mgnhost
Posts: 5
Joined: 2018/10/25 06:42:34

ebtables rules limit

Post by mgnhost » 2018/10/25 06:55:43

Hello,

How do I increase the number of rules supported by ebtables?
Now, when the number of rules is more than 500, it falls over.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ebtables rules limit

Post by TrevorH » 2018/10/25 09:29:52

Does it give any error messages?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mgnhost
Posts: 5
Joined: 2018/10/25 06:42:34

Re: ebtables rules limit

Post by mgnhost » 2018/10/25 10:01:38

In /var/log/libvirt/libvirtd.log:

2018-10-23 12:20:04.655+0000: 2910: error : virCommandWait:2319 : internal error Child process (/bin/sh -c 'EBT="/sbin/ebtables"
cmd='\''$EBT -t nat -F J-vnet47-mac'\''
eval res=\$\("${cmd} 2>&1"\)
cmd='\''$EBT -t nat -X J-vnet47-mac'\''
eval res=\$\("${cmd} 2>&1"\)
cmd='\''$EBT -t nat -N J-vnet47-mac'\''
eval res=\$\("${cmd} 2>&1"\)
if [ $? -ne 0 ]; then echo "Failure to execute command '\''${cmd}'\'' : '\''${res}'\''."; exit 1;fi
cmd='\''$EBT -t nat -A libvirt-J-vnet47 -j J-vnet47-mac'\''
eval res=\$\("${cmd} 2>&1"\)
if [ $? -ne 0 ]; then echo "Failure to execute command '\''${cmd}'\'' : '\''${res}'\''."; exit 1;fi

if [ $? -ne 0 ]; then echo "Failure to execute command '\''${cmd}'\'' : '\''${res}'\''."; exit 1;fi
cmd='\''$EBT -t nat -F J-vnet47-ipv4-ip'\''
eval res=\$\("${cmd} 2>&1"\)
cmd='\''$EBT -t nat -X J-vnet47-ipv4-ip'\''
eval res=\$\("${cmd} 2>&1"\)
cmd='\''$EBT -t nat -N J-vnet47-ipv4-ip'\''
eval res=\$\("${cmd} 2>&1"\)
if [ $? -ne 0 ]; then echo "Failure to execute command '\''${cmd}'\'' : '\''${res}'\''."; exit 1;fi
cmd='\''$EBT -t nat -A libvirt-J-vnet47 -p 0x080
2018-10-23 12:20:04.770+0000: 2910: error : ebiptablesApplyNewRules:3935 : Error while building firewall: Some rules could not be created for interface vnet47:

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ebtables rules limit

Post by TrevorH » 2018/10/25 10:09:13

If you try to run /sbin/ebtables -t nat -F J-vnet47-mac manually, does it give any better info? Or is there something logged in /var/log/messages and/or dmesg when this happens?

mgnhost
Posts: 5
Joined: 2018/10/25 06:42:34

Re: ebtables rules limit

Post by mgnhost » 2018/10/30 16:08:32

TrevorH wrote:
2018/10/25 10:09:13
If you try to run /sbin/ebtables -t nat -F J-vnet47-mac manually, does it give any better info? Or is there something logged in /var/log/messages and/or dmesg when this happens?

Chain 'J-vnet47-mac' doesn't exist

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ebtables rules limit

Post by TrevorH » 2018/10/30 16:35:38

I'm presuming that that name is dependent on what VMs you have running at the time - vnet47 belongs to a VM with id 47, for example.

mgnhost
Posts: 5
Joined: 2018/10/25 06:42:34

Re: ebtables rules limit

Post by mgnhost » 2018/10/30 18:13:00

Yes, this is the VDS virtual interface.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ebtables rules limit

Post by TrevorH » 2018/10/30 18:22:37

So I'd guess you need to try to add a rule for a VM that's actually running at the time.

mgnhost
Posts: 5
Joined: 2018/10/25 06:42:34

Re: ebtables rules limit

Post by mgnhost » 2018/10/30 18:32:40

With a large number of IPs, the VDS does not start.
See: https://bugs.centos.org/view.php?id=15383

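Added example, not part of the thread: two shell helpers for the triage discussed above. One lists which guest interfaces libvirtd failed to build filter rules for, and the other totals the rules loaded in the ebtables nat table so the count can be compared with the threshold the original poster reports. The function names and sample inputs are constructed; the sample assumes the usual "Bridge chain: NAME, entries: N, policy: P" layout of `ebtables -L` output.

```shell
#!/bin/sh
# Added triage helpers (not from the thread). Both read text on stdin so
# they can be tested offline against the constructed samples below.

# Print "count interface" for every libvirtd.log line where nwfilter
# failed to build the filter rules for a guest interface.
failed_ifaces() {
    sed -n 's/.*ebiptablesApplyNewRules.*Some rules could not be created for interface \([^: ]*\).*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# Sum the "entries: N" counters from `ebtables -t nat -L` output, i.e. the
# total number of rules currently loaded in that table.
nat_rule_total() {
    awk -F'entries: ' '/^Bridge chain: / { split($2, a, ","); n += a[1] } END { print n + 0 }'
}

# Constructed sample input, modelled on the log lines quoted in the thread.
sample_log() {
    cat <<'EOF'
2018-10-23 12:20:04.770+0000: 2910: error : ebiptablesApplyNewRules:3935 : Error while building firewall: Some rules could not be created for interface vnet47:
2018-10-23 12:21:10.101+0000: 2910: error : ebiptablesApplyNewRules:3935 : Error while building firewall: Some rules could not be created for interface vnet47:
2018-10-23 12:25:42.330+0000: 2911: error : ebiptablesApplyNewRules:3935 : Error while building firewall: Some rules could not be created for interface vnet12:
2018-10-23 12:26:00.000+0000: 2911: info : unrelated line
EOF
}

# Constructed sample of `ebtables -t nat -L` output (assumed layout).
sample_ebtables() {
    cat <<'EOF'
Bridge table: nat

Bridge chain: PREROUTING, entries: 2, policy: ACCEPT
-i vnet12 -j libvirt-J-vnet12
-i vnet47 -j libvirt-J-vnet47

Bridge chain: libvirt-J-vnet12, entries: 3, policy: ACCEPT
-j J-vnet12-mac
-p IPv4 -j J-vnet12-ipv4-ip
-j DROP

Bridge chain: J-vnet12-mac, entries: 0, policy: ACCEPT
EOF
}

# On a live host (paths as quoted in the thread):
#   failed_ifaces < /var/log/libvirt/libvirtd.log
#   /sbin/ebtables -t nat -L | nat_rule_total
```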