[pve-devel] venet firewall broken?

Alexandre DERUMIER aderumier at odiso.com
Mon May 12 06:47:21 CEST 2014


>>Just using RETURN instead of ACCEPT should solve the problem?


Yes, but I'm not sure how to bypass rules for non-firewalled VMs in this case?


I need to think a little bit more about this.



----- Original message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Monday 12 May 2014 06:28:11
Subject: RE: venet firewall broken?


> so, it wasn't working at all before?

I am quite sure that worked. 

> I see this iptables traffic: 
> FORWARD: IN=venet0 OUT=venet0 SRC=10.3.94.204 DST=10.3.94.203 LEN=84 
> TOS=0x00 PREC=0x00 TTL=64 ID=25368 PROTO=ICMP TYPE=0 CODE=0 
> ID=1751 SEQ=1 
> 
> Maybe with some magic routing rule, is it possible to split to have two lines.
> I'll check that today. 

Just using RETURN instead of ACCEPT should solve the problem?


