OK, I'll test that Monday. Can you also do

#pve-firewall compile

and send me the result?

----- Original Message -----
From: "lyt_yudi" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: "proxmoxve ([email protected])" <[email protected]>
Sent: Friday 1 August 2014 17:20:13
Subject: Re: about pve-firewall pending changes

On August 1, 2014, at 7:42 PM, Alexandre DERUMIER < [email protected] > wrote:

> That means that proxmox tries to apply rules, but it doesn't work.
> (Maybe it's a bug in generated rules from proxmox.)
>
> Any logs in /var/log/daemon.log?
>
> Can you provide your vms, cluster and host config firewall config?

yes, the daemon.log link this: http://mirrors.myccdn.info/images/daemon.log

It's a cluster of host1 and host2,

host1 -
#cat host.fw
[OPTIONS]
log_level_in: nolog
nf_conntrack_max: 663500
nf_conntrack_tcp_timeout_established: 7875
tcpflags: 1

[RULES]
IN ACCEPT -source +managenet

host2 -
#cat host.fw
[OPTIONS]
enable: 1
nf_conntrack_max: 663500
nf_conntrack_tcp_timeout_established: 7875
log_level_out: nolog
tcpflags: 1
log_level_in: nolog
tcp_flags_log_level: nolog
smurf_log_level: nolog

[RULES]
IN ACCEPT -source +managenet

100.fw, 103.fw in the host1

# cat 100.fw
[OPTIONS]
enable: 1

[RULES]
IN ACCEPT -source +managenet

# cat 103.fw
[OPTIONS]
enable: 1
log_level_in: nolog

[RULES]
GROUP webserver
IN ACCEPT -source +managenet

102.fw in the host2

# cat 102.fw
[OPTIONS]
log_level_in: nolog
enable: 1
policy_in: DROP
log_level_out: nolog

[RULES]
GROUP webserver
IN ACCEPT -source +managenet

## cat cluster.fw
[OPTIONS]
enable: 1

[IPSET managenet]
10.0.0.0/8
172.16.0.0/16
192.168.0.0/16
x.x.x.x
#many ip for management use#
n.n.n.n

[RULES]
IN ACCEPT -source +managenet

[group webserver]
IN HTTP(ACCEPT)
IN HTTPS(ACCEPT)

# pveversion -v
proxmox-ve-2.6.32: 3.2-132 (running kernel: 2.6.32-31-pve)
pve-manager: 3.2-18 (running version: 3.2-18/e157399a)
pve-kernel-2.6.32-31-pve: 2.6.32-132
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-1
pve-cluster: 3.0-14
qemu-server: 3.1-28
pve-firmware: 1.1-3
libpve-common-perl: 3.0-19
libpve-access-control: 3.0-15
libpve-storage-perl: 3.0-21
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-7
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.1-1
ksm-control-daemon: 1.1-1
glusterfs-client: 3.4.2-1

_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
