On 10/21/10 11:52 AM, Dr John wrote: > > An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM > virtual servers on the default libvrt virbr0 bridge at the default > vnet+ bridge ports. The bridge and ports are on a separate private > subnet (192.168.122.0/24). Each bridge port and the bridge itself are > in the dmz, there are two physical interfaces and private local > subnets in loc, and one interface in net that handles a block of 5 > public IP addresses. DNAT rules accept web, imap, smtp, etc. traffic > originating on net per dest IP and forward it to the appropriate server. > > The setup works quite well with one problem: when starting the host > server it's necessary to restart Shorewall once the bridge and KVM > systems are up. Not a huge problem except that if there's an extended > power failure (such that the UPS gets drained and the server shuts > itself down), no one is there to log on and restart Shorewall after > power recovery & automatic server startup. > > Two questions then, the first being the more important.
<much stuff snipped> > > Any comments on the above configuration would be very much appreciated. > Why don't we try to understand why your current configuration requires the restart and fix that? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
