
I'm currently running the following Kernel on CentOS 6.6 from ELRepo

[root@de14 ~]# uname -r

4.0.4-1.el6.elrepo.x86_64

Anything related to a bridge doesn't work. What I've come to understand is that CentOS runs sysctl.conf before the bridge has come up:

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

/proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory

There's nothing under it, either:

-bash: cd: /proc/sys/net/bridge: No such file or directory

But br0, which is a bridge on eth0, works fine. What would be the best way to get the usual bridge capabilities (bridge-nf-call-iptables and the like) back?

  • Are you sure you are not running a wrong kernel, kernel 4? Ummm, I have the "/proc/sys/net/bridge/bridge-nf-call-iptable" file in CentOS with a stock kernel "3.10.0-123.el7.x86_64" – c4f4t0r Jun 10 '15 at 12:59
  • Yep, the kernel's from elrepo, they have Linux 4.x.x kernels for both CentOS 6 and CentOS 7. – Arjit Chaudhary Jun 10 '15 at 13:01
  • Why don't you use the standard kernel? Do you need some functionality included in kernel 4? – c4f4t0r Jun 10 '15 at 13:10
  • @c4f4t0r somehow the standard 2.x.x kernel in CentOS doesn't work too well with KVM guests on the hardware I'm running, the KVM guests keep randomly turning off. The ELRepo kernel is so far so good. – Arjit Chaudhary Jun 10 '15 at 16:27

1 Answer

In recent kernels, the /proc/sys/net/bridge collection of sysctls is provided by the br_netfilter module. When your system boots, you may see a message like this from the kernel:

bridge: automatic filtering via arp/ip/ip6tables has been deprecated.
Update your scripts to load br_netfilter if you need this.

For example:

# ls /proc/sys/net/bridge
ls: cannot access /proc/sys/net/bridge: No such file or directory
# modprobe br_netfilter
# ls /proc/sys/net/bridge
bridge-nf-call-arptables  bridge-nf-filter-pppoe-tagged
bridge-nf-call-ip6tables  bridge-nf-filter-vlan-tagged
bridge-nf-call-iptables   bridge-nf-pass-vlan-input-dev
larsks
  • Perfect! This works. I've reported the bug to ELRepo as well, to include netfilter in the kernel itself (in-built support) rather than as a module. Thanks @larsks – Arjit Chaudhary Jun 10 '15 at 14:52
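The answer above boils down to a boot-ordering problem: the bridge-nf knobs only exist once br_netfilter is loaded, so any sysctl.conf entry for them fails while the module is absent, and bridged KVM guest traffic then bypasses the host's iptables rules. The script below is an added example (not code from the original answer, from ELRepo, or from CentOS) that loads the module only when the /proc/sys/net/bridge tree is missing, writes the knobs directly, and refuses values other than 0 or 1. Invoking it late in boot, for instance from /etc/rc.local (an assumption about the local init setup), sidesteps the ordering issue; the BRIDGE_SYSCTL_DIR override exists only so the logic can be exercised against a scratch directory without root.

```shell
#!/bin/sh
# Added example, not the original answer's code. Loads br_netfilter on demand
# and sets the bridge-nf-call-* sysctls so bridged traffic is inspected by
# the host firewall. Run as: bridge-nf.sh apply [0|1]   or   bridge-nf.sh show

# Overridable only for testing; on a real host this is the /proc tree.
BRIDGE_SYSCTL_DIR="${BRIDGE_SYSCTL_DIR:-/proc/sys/net/bridge}"

# The three knobs that decide whether bridged frames are handed to
# iptables / ip6tables / arptables.
BRIDGE_NF_KNOBS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# bridge_sysctls_present DIR: succeed (0) if the br_netfilter sysctl tree exists.
bridge_sysctls_present() {
    [ -f "$1/bridge-nf-call-iptables" ]
}

# ensure_br_netfilter: load the module only if its sysctl tree is absent,
# then confirm the tree actually appeared (a failed modprobe is an error).
ensure_br_netfilter() {
    if bridge_sysctls_present "$BRIDGE_SYSCTL_DIR"; then
        return 0
    fi
    modprobe br_netfilter || return 1
    bridge_sysctls_present "$BRIDGE_SYSCTL_DIR"
}

# apply_bridge_nf DIR VALUE: write VALUE into each knob under DIR.
# Only 0 or 1 are accepted so a typo can never be written into /proc.
apply_bridge_nf() {
    dir=$1
    val=$2
    case "$val" in
        0|1) ;;
        *) echo "apply_bridge_nf: value must be 0 or 1, got '$val'" >&2; return 2 ;;
    esac
    for knob in $BRIDGE_NF_KNOBS; do
        printf '%s\n' "$val" > "$dir/$knob" || return 1
    done
}

# show_bridge_nf DIR: print knob=value lines for a quick audit; "missing"
# means the module is not loaded (or the kernel lacks br_netfilter).
show_bridge_nf() {
    dir=$1
    for knob in $BRIDGE_NF_KNOBS; do
        printf '%s=%s\n' "$knob" "$(cat "$dir/$knob" 2>/dev/null || echo missing)"
    done
}

# Command-line entry point; does nothing when sourced without arguments.
case "${1:-}" in
    apply)
        ensure_br_netfilter || { echo "br_netfilter not available" >&2; exit 1; }
        apply_bridge_nf "$BRIDGE_SYSCTL_DIR" "${2:-1}" || exit 1
        show_bridge_nf "$BRIDGE_SYSCTL_DIR"
        ;;
    show)
        show_bridge_nf "$BRIDGE_SYSCTL_DIR"
        ;;
esac
```

Once the module is loaded, the ordinary `sysctl -w net.bridge.bridge-nf-call-iptables=1` works as well; the direct writes here are just independent of sysctl's own key lookup. Running `bridge-nf.sh show` and seeing `missing` on every line is the quickest way to tell that guest traffic on br0 is currently not passing through iptables at all.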