[pve-devel] Contribution to pve

Michael Rasmussen mir at datanom.net
Thu Apr 19 00:02:57 CEST 2012


Hi all,

I guess many users are in the same situation as me - only one or a few
public IPs, which means you are forced to use NAT'ing between the
public IP(s) and a number of virtual hosts running behind a venet
interface. If you further would like these virtual hosts on another vlan
than the bridge interface behind the venet some sort of pre- and post
routing is required.

To make life easy for myself I have made a small Perl package and a
Perl interface to this package which does all required iptables stuff.
To cut the details the package provides a few utility functions
(list current rules, clear current rules etc) and the two important
functions:
NAT: Create an outgoing NAT rule from venetN to vmbrN. Eg. venet0 is
post routed over vmbr0 using SNAT --to-source vmbr0 IP
FORWARD: Create an incoming NAT rule from vmbrN to venetN. Eg. port x
on vmbr0 is routed to venet0 port y using DNAT --to-destination venet0
IP.

Features missing:
1) Only handles tcp at the moment, being able to handle udp would be nice.
2) Clearing rules means all rules. It would be nice to be able to clear
all rules on a specific venet IP or a specific vmbr interface.
3) Web integration would be nice. For this to happen help would be
needed.

If you find the above interesting I would like to contribute my code
to the project. Missing features 1 and 2 will be made in a short while.
Feature 3 will take time and help to be made.

-- 
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
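
As an added example (not the Perl package from the message): shell functions that print the POSTROUTING SNAT and PREROUTING DNAT commands for the two rule types described above, validating every argument before it reaches an iptables command line. The function names, addresses and ports are constructed for this example, matching on the container's source address is an assumption, and the udp option goes beyond the tcp-only state the message reports.

```shell
#!/bin/sh
# Added illustration: prints iptables commands, it does not run them.
# Function names, addresses and ports are constructed for this example.

valid_ipv4() {   # dotted quad, each octet 0-255
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {   # decimal 1-65535
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {  # e.g. vmbr0; no leading dash, at most 15 characters
    case "$1" in ""|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# NAT: outgoing traffic from a container address leaves via the bridge
# and is rewritten to the bridge's public IP.
# usage: nat_rule <container-ip> <bridge-iface> <bridge-ip>
nat_rule() {
    valid_ipv4 "$1" && valid_iface "$2" && valid_ipv4 "$3" || return 1
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$1" "$2" "$3"
}

# FORWARD: port x on the bridge is sent to port y on the container.
# usage: forward_rule <bridge-iface> <tcp|udp> <port-x> <container-ip> <port-y>
forward_rule() {
    valid_iface "$1" && valid_port "$3" && valid_ipv4 "$4" && valid_port "$5" \
        || return 1
    case "$2" in tcp|udp) ;; *) return 1 ;; esac
    printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Constructed sample values: 192.0.2.10 stands in for the public IP on vmbr0.
nat_rule 10.0.0.5 vmbr0 192.0.2.10
forward_rule vmbr0 tcp 8080 10.0.0.5 80
# An argument carrying extra iptables options is refused, not passed through.
forward_rule vmbr0 tcp 8080 '10.0.0.5 -j ACCEPT' 80 || echo "rejected" >&2
```

The argument checks matter most once rule parameters come from a web form rather than from the administrator's own shell.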