Mariano Absatz wrote:
> Hi again,
>
> I'm still dealing with my libvirt issues but it is now clear that it's
> not a shorewall problem.
>
> Now I have a related problem... since my host is the router for all
> virtual machines, it has to route traffic among them. The problem is that
> all the traffic, from the host point of view, is seen on the same
> interface (in my case, vnet0).
>
> The point is that I have configured the following:
>
> ####################### interfaces #######################
> net     eth0    -       tcpflags,logmartians,nosmurfs,norfc1918,blacklist
> vms     vnet0   -       bridge,tcpflags,nosmurfs,blacklist
> vpn     tun+    -       tcpflags,nosmurfs,blacklist
>
>
> and a few rules to allow for "intra-vms" traffic like these:
>
> ####################### rules #######################
> ACCEPT          vms     vms     icmp
> SSH/ACCEPT      vms     vms
> DNS/ACCEPT      vms     vms
>
>
> However, these rules are never invoked.
>
> That is, the vms2vms chain is created but not referred to.
>
> Is there any way to convince shorewall to refer to these rules?
>
> I see "BRIDGING=Yes" is not supported in shorewall-perl...

Please read http://www.shorewall.net/bridge-Shorewall-perl.html

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
