hi, Alexandre pve-firewall.log for vm101 net0 ,from vm103 net0, use ping.
101 7 tap101i0-IN 28/Jul/2014:15:49:17 +0800 policy DROP: IN=fwbr101i0 OUT=fwbr101i0 PHYSIN=fwln101i0 PHYSOUT=tap101i0 MAC=76:a4:04:1d:4f:be:ce:60:6c:fb:81:4f:08:00 SRC=172.16.4.103 DST=172.16.4.101 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=1318 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=984 # cat 101.fw [OPTIONS] log_level_in: debug enable: 1 policy_in: DROP log_level_out: debug [RULES] IN ACCEPT -i net1 -source +test # cat 103.fw [OPTIONS] log_level_in: debug enable: 1 log_level_out: debug [RULES] IN ACCEPT -source +testnet # cat cluster.fw [OPTIONS] enable: 1 [IPSET testnet] 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 [RULES] IN ACCEPT -source +testnet # pve-firewall simulate -from vm103 -to vm101 --dport 22 Test packet: from : vm103 to : vm101 proto : tcp dport : 22 ACTION: DROP 在 2014年7月28日,下午3:45,Alexandre DERUMIER <[email protected]> 写道: > can you provide firewall config files ? > > /etc/pve/firewall/<vmid>.fw > /etc/pve/firewall/cluster.fw
_______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
