Sometimes iptables rules block bridged packets from being forwarded at layer 3. Change the settings as follows:
cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
Or, more simply:
iptables -t raw -I PREROUTING -i BRIDGE -s x.x.x.x -j NOTRACK
or: iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
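
A check for the sysctl change above, added here as an example and not part of the original note: because `cat >>` only appends, an older entry for the same key can remain in the file and the last one wins, and the values take effect only once they are loaded into the kernel. The function names are hypothetical; it assumes the net.bridge keys appear under /proc/sys only while the br_netfilter module is loaded.

```shell
#!/bin/sh
# Added example: compare the bridge-nf values a sysctl.conf-style file will
# set with what the running kernel reports. Function names are illustrative.
KEYS="net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-arptables"

# conf_value FILE KEY: last assignment wins, which matters because
# `cat >>` appends and leaves any older entry for the same key in place.
conf_value() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) last = v
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# live_value ROOT KEY: read the key under a /proc/sys-style tree.
# "absent" means the file is missing, as when br_netfilter is not loaded.
live_value() {
    f="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# audit FILE ROOT: one line per key with the file value, live value, verdict.
audit() {
    for key in $KEYS; do
        c=$(conf_value "$1" "$key"); l=$(live_value "$2" "$key")
        if [ "$l" = absent ]; then v="key-missing"
        elif [ "$c" = unset ]; then v="not-in-file"
        elif [ "$c" = "$l" ]; then v="applied"
        else v="not-applied"; fi
        printf '%s file=%s live=%s %s\n' "$key" "$c" "$l" "$v"
    done
}

# Usage: sh this-script /etc/sysctl.conf /proc/sys
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

A live value of 0 means bridged frames are no longer passed to that table, so any filtering rules that relied on seeing bridged traffic stop matching it.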