Hi,

Today, I’ve spent about three hours figuring out why firewalling doesn’t just work. I enabled the firewalling in the cluster and on the nodes, not on a VM. Everything seems to work, except for some services that run on webservers behind a firewall appliance running on the cluster. This setup requires the following traffic flow:

Client -> vmbr0 -> firewall appliance -> vmbr1 -> webserver -> vmbr1 -> firewall appliance -> vmbr0 -> Client

This doesn’t work. I don’t see traffic being dropped anywhere in logs, pve-firewall simulate tells me everything is fine, but it just doesn’t work.

So, I finally stumbled upon https://forum.proxmox.com/threads/pve-firewall-drop-traffic.32290/, and tried to do a sysctl. And all of a sudden, everything starts to work.

A few questions:

* How do I configure pve-firewall to allow inter-VM traffic?
* Why isn’t anything telling me packets are being dropped, and why?
* Am I handling this correctly, or am I completely missing something here?

Thanks!

—
Mark Schouten
Tuxis Internet Engineering

_______________________________________________
pve-user mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
