Thanks for the very quick reply Tom. I went back to square one and now do have it all working as it should be. Shorewall on Host (Debian 6.x) and running in a Centos 6.x container. These are all venet based rules as I'm working in a VirtualBox environment so next stage is to install on some test hardware (should be coming in a few days) with bridged networking.
-- Regards, John Hackett Icon Information Systems 74 Gibsons Hill, Norbury, London, SW16 3JS t: 020 8764 2663 f: 020 8711 3370 m: 07801-231118 e: [email protected] w: www.icon-is.co.uk skype: john_hackett twitter: @iconinfosys ----- Original Message ----- From: "Tom Eastep" <[email protected]> To: [email protected] Sent: Monday, 1 October, 2012 2:32:02 PM Subject: Re: [Shorewall-users] Proxmox v2.x, Debian On 10/01/2012 03:14 AM, John M. Hackett wrote: > Hi, > > I hope this is not a stupid question! A client is currently running a > cluster of Proxmox1.6/OpenVZ servers making extensive use of > Shorewall on both the hosts and the containers. I am investigating > the possibility of upgrading to Proxmox v2.1. > > In the Shorewall.net documentation about using Shorewall with OpenVZ > there is a warning: > > "If you are running Debian Squeeze, Shorewall will not work in an > OpenVZ container. This is a Debian OpenVZ issue and not a Shorewall > issue." > > Proxmox v2.1 runs on Debian Squeeze (6.0). > > I assume this means that running the HOST on Debian Squeeze menas > that you cannot run Shorewall in a container - but will it still work > to protect the host or should it not be used at all. I am having > trouble accessing any containers externally (e.g. a squid container) > if I install Shorewall on the host (currently this is in a test > VirtualBox environment so not ideal). I'd like to know whether this > is because I've not got the setup correct or it just won't work! I suspect that you have a Shorewall issue. The problem referred to in the article only affects Shorewall running in a container. > > Secondly - does this apply to the newer kernel (I'm running > 2.6.32-14-pve) and/or newest Debian (6.0.6). > We've had reports that the problem has been corrected in current Debian Squeeze OpenVZ kernels. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
