Hello Dietmar,
I'm using a network configuration based on
http://help.ovh.co.uk/Proxmox (need to use SNAT or MASQUERADING, and
ip_forwarding is turned on).
I'll also check the GROUP option and the regression tests.
Regards,
Flav
2015-05-11 6:22 GMT+02:00 Dietmar Maurer :
> How are you doing that? Creating a group didn't add anything in the
> FORWARD chain. And Linux netfilter is forwarding all packets from one
> bridge to the other (I am using the host as a "router" for the
> bridges).
The idea is to create a group with all rules you want to apply, for example:
#
How are you doing that? Creating a group didn't add anything in the
FORWARD chain. And Linux netfilter is forwarding all packets from one
bridge to the other (I am using the host as a "router" for the
bridges).
2015-05-10 17:04 GMT+02:00 Dietmar Maurer :
> * guests in vmbr1 are allowed to receive external traffic only on port 80
> * guests in vmbr2 are allowed to receive traffic only on the mysql
> port from 10.1.1.0/24
>
> set FORWARDING policy to REJECT or DROP
> add rules:
> * chain FORWARD from any to 10.1.1.0/24 port tcp/80 accept
> * chain FO
Example:
the host has several internal bridges:
* vmbr0: x.x.x.x that contains eth0
* vmbr1: 10.1.1.0/24 : this bridge has the "front" VMs
* vmbr2: 10.1.2.0/24 : this bridge has the "back" VMs
vmbr1 and vmbr2 are not connected on an external switch
I use kvm guests.
*guests in vmbr1 are allowed
> This is very useful if someone wants to have guests in different subnets (on
> different vlans) and add a firewall between the subnets.
Why is it useful? Please can you be more specific, maybe giving an example?
___
pve-devel mailing list
pve-devel@p
This patch on pve-manager and pve-firewall (on the 3.4 stable branch) adds
control on the FORWARD chain.
This is very useful if someone wants to have guests in different subnets (on
different vlans) and add a firewall between the subnets.
Regards,
Flav