On 2/5/20 5:14 PM, Stoiko Ivanov wrote:
> On Wed, 5 Feb 2020 15:57:13 +0100
> Oguz Bektas <o.bek...@proxmox.com> wrote:
>
>> apparently sometimes users have problems reaching outside internet with
>> some network setups. this is the workaround a user suggested that
>> we should add in the wiki.
>
> Thanks for the initiative - that does come up indeed every now and then in
> our various support channels (and it usually takes me quite a while to
> find the trustworthy forum-post by Alexandre (Thanks!!), which I quote on
> that ;)
>
> As an optional suggestion: I would try to add some more
> rationale, as to why users should put those iptables rules in their
> firewall - (maybe: due to the way packets are processed
> by netfilter and the rules created by pve-firewall?) - Also the following
> could be worth linking in the docs (or mentioning in the commit-message):

I agree with adding some rationale, Oguz, can you please follow up on that in a timely manner, thanks! :)

>
> [0] https://commons.wikimedia.org/wiki/File:Netfilter-packet-flow.svg
> [1] https://lwn.net/Articles/370152/ (patch from 2010 on netdev-list
> introducing the conntrack zones)
> [2] https://blog.lobraun.de/2019/05/19/prox/ (a blog post with a good
> explanation, by using the TRACE target in the raw table)
> [3]
> https://forum.proxmox.com/threads/firewall-stops-vm-ct-communication-also-have-to-reboot-to-fix.59811/#post-275921
>
> (the forum post I usually quote on those issues)
>

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel