[PVE-User] NAT Problems with PVE Firewall
Elias Werberich
elias at werberich.de
Thu Jun 22 14:36:03 CEST 2017
Hello,
It does not bypass the rules, but you have to keep in mind that
"ip_forward" may be dangerous.
Regards,
Elias Werberich
Am 22.06.2017 um 10:04 schrieb Yannick Palanque:
> Hello,
>
> On my server, it doesn't bypass the rules.
> But you should test yourself and tell the list if it works or not.
>
> Regards,
>
>
>
> Yannick
>
> Le 2017-06-21 23:12, Elias Werberich a écrit :
>> Hello,
>>
>> thank you, it works.
>> But it will not bypass any firewall rules?
>>
>> Regards,
>>
>> Elias Werberich
>>
>> Am 21.06.2017 um 21:12 schrieb Yannick Palanque:
>>> Le 2017-06-21 18:26, Elias Werberich a écrit :
>>>> Using SNAT instead of MASQUERADE does not solve the problem.
>>>> In a pve-devel thread [2] I read that the following rules should help,
>>>> but it does not work either.
>>>>
>>>> post-up iptables -t raw -A PREROUTING -s '10.0.0.0/24' -i vmbr12
>>>> -j CT --zone 1
>>>> post-up iptables -t raw -A PREROUTING -d '10.0.0.0/24' -i vmbr12
>>>> -j CT --zone 1
>>>
>>>
>>> Hello,
>>>
>>> I use
>>> post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
>>> and I have no problem with NAT and FW.
>>>
>>> Regards,
>>>
>>>
>>>
>>> Yannick Palanque
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list