Hi again, I'm still dealing with my libvirt issues but it is now clear that it's not a shorewall problem.
Now I have a related problem... since my host is the router for all virtual machines, it has to route traffic among them. The problem is that all the traffic, from the host's point of view, is seen on the same interface (in my case, vnet0).

The point is that I have configured the following:

    ####################### interfaces #######################
    net     eth0    -       tcpflags,logmartians,nosmurfs,norfc1918,blacklist
    vms     vnet0   -       bridge,tcpflags,nosmurfs,blacklist
    vpn     tun+    -       tcpflags,nosmurfs,blacklist

and a few rules to allow for "intra-vms" traffic like these:

    ####################### rules #######################
    ACCEPT          vms     vms     icmp
    SSH/ACCEPT      vms     vms
    DNS/ACCEPT      vms     vms

However, these rules are never invoked. That is, the vms2vms chain is created but not referred to.

Is there any way to convince shorewall to refer to these rules? I see "BRIDGING=Yes" is not supported in shorewall-perl...

The output of 'shorewall dump' is at http://ybab.net/shorewall/status-20090402a.txt

I just did:

    sudo sh -c "/sbin/shorewall show -f capabilities > /etc/shorewall/caps"
    sudo tar -zcf shorewall.tgz /etc/shorewall

If you want, I can send it to [email protected]

Regards.

-- 
Mariano Absatz - "El Baby"
[email protected]
www.clueless.com.ar

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
