> So I guess your guest works because its tap0, bridged into br1,
> gets an address from the WAN's dhcp server.  br1 itself doesn't
> get an address nor does eth2, so host can't directly access the
> WAN.

br1 doesn't need an IP address, because the default gw for the phy host is 
192.168.1.1, the firewall LAN interface.
Once the packet reaches 192.168.1.1, it is routed by the firewall to the WAN 
interface of the guest, which is then physical br1.


-- 
Lorenzo Milesi - [email protected]

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it



-- 
ubuntu-server mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
