[pve-devel] firewall and IGMP

Alexandre DERUMIER aderumier at odiso.com
Wed May 21 07:01:09 CEST 2014


Hi,

Indeed, igmp is filtered, and that breaks my multicast traffic.

-A PVEFW-HOST-OUT --protocol igmp -j ACCEPT
-A PVEFW-HOST-IN --protocol igmp -j ACCEPT


is enough to resolve the problem


(by the way, I think an igmp macro (or proto) could be great, if we want to use multicast inside a vm)
----- Original Message -----

From: "Alexandre DERUMIER" <aderumier at odiso.com>
To: "Dietmar Maurer" <dietmar at proxmox.com>
Cc: pve-devel at pve.proxmox.com
Sent: Wednesday 21 May 2014 06:10:24
Subject: Re: [pve-devel] firewall and IGMP

Ok, I'll test igmp and multicast with them today 
----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Wednesday 21 May 2014 06:05:21
Subject: RE: [pve-devel] firewall and IGMP


> ruleset_addrule($ruleset, $chain, "-m addrtype --dst-type MULTICAST -j ACCEPT");

I reworked the corosync rules, so we now have this: 

-A PVEFW-HOST-IN -s 192.168.0.0/20 -d 192.168.0.0/20 -p udp --dport 5404:5405 -j RETURN 
-A PVEFW-HOST-IN -s 192.168.0.0/20 -m addrtype --dst-type MULTICAST -p udp --dport 5404:5405 -j RETURN 

-A PVEFW-HOST-OUT -d 192.168.0.0/20 -p udp --dport 5404:5405 -j RETURN 
-A PVEFW-HOST-OUT -m addrtype --dst-type MULTICAST -p udp --dport 5404:5405 -j RETURN 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
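
The failure discussed in this thread (multicast UDP is let through the host chains, but IGMP is not) can be checked for in an `iptables-save` dump. The following is an added example, not part of the original messages or of the Proxmox code; the function names are hypothetical, it assumes both `ACCEPT` and `RETURN` let a packet through these chains (the rules quoted above use both), and it checks only that a rule is present, not rule order.

```python
import shlex

CHAINS = ("PVEFW-HOST-IN", "PVEFW-HOST-OUT")
PASS = {"ACCEPT", "RETURN"}  # assumption: either target lets the packet through
IGMP = {"igmp", "2"}         # protocol name or IP protocol number 2

def parse_rule(line):
    """Parse one iptables-save '-A' line into (chain, options); None otherwise."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    opts, neg, i = {}, "", 2
    while i < len(tok):
        if tok[i] == "!":            # negation applies to the next option
            neg, i = "!", i + 1
            continue
        has_val = i + 1 < len(tok) and not tok[i + 1].startswith(("-", "!"))
        opts[tok[i]] = neg + (tok[i + 1] if has_val else "")
        neg, i = "", i + (2 if has_val else 1)
    return tok[1], opts

def audit(ruleset):
    """Per host chain: is multicast-addressed traffic passed, and is IGMP passed?"""
    state = {c: {"multicast": False, "igmp": False} for c in CHAINS}
    for line in ruleset.splitlines():
        rule = parse_rule(line)
        if not rule or rule[0] not in state or rule[1].get("-j") not in PASS:
            continue
        chain, opts = rule
        if opts.get("-p", opts.get("--protocol", "")).lower() in IGMP:
            state[chain]["igmp"] = True
        elif opts.get("--dst-type") == "MULTICAST":
            state[chain]["multicast"] = True
    return state

def chains_missing_igmp(ruleset):
    """Chains that pass multicast traffic but have no rule passing IGMP."""
    return [c for c, s in audit(ruleset).items() if s["multicast"] and not s["igmp"]]

# Constructed sample input: the corosync rules quoted in the thread, then with the IGMP rules added.
BEFORE = """\
-A PVEFW-HOST-IN -s 192.168.0.0/20 -d 192.168.0.0/20 -p udp --dport 5404:5405 -j RETURN
-A PVEFW-HOST-IN -s 192.168.0.0/20 -m addrtype --dst-type MULTICAST -p udp --dport 5404:5405 -j RETURN
-A PVEFW-HOST-OUT -d 192.168.0.0/20 -p udp --dport 5404:5405 -j RETURN
-A PVEFW-HOST-OUT -m addrtype --dst-type MULTICAST -p udp --dport 5404:5405 -j RETURN
"""
AFTER = BEFORE + ("-A PVEFW-HOST-OUT --protocol igmp -j ACCEPT\n"
                  "-A PVEFW-HOST-IN --protocol igmp -j ACCEPT\n")
```

`chains_missing_igmp(BEFORE)` lists both host chains and `chains_missing_igmp(AFTER)` is empty; a negated match such as `! -p igmp` or an IGMP rule with a `DROP` target is not counted as passing IGMP.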


