> >>We need physdev match to filter traffic from VMs? > sorry, I wanted to say, output interface instead phydev > > >>iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j > MASQUERADE > replace by > > iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -j SNAT --to X.X.X.X (ip of > the bridge)
That does not work for me. > how is the netfilter logs, with masquerade with ip on vmbr0 and without veth > ? OUT=pm1 in that case > MASQTEST: IN= OUT=??? PHYSIN=tap116i0 PHYSOUT=???? SRC=10.10.10.3 > DST=8.8.8.8 > > > > I'm a bit lost for now, I'll try to create a testlab tomorrow to see how > things > works. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
