<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
If we DROP <b>DMZ to FW</b>, all traffic gets stuck, and if we
enable <b>DMZ to FW</b>, then no rule from <b>NET</b> works;
all traffic from outside operates from <b>dmz2fw</b>. Please
suggest how we can use bond0 for net and have all traffic go through the
NET interface.<br>
<br>
Here is NIC config:<br>
<br>
bond0 Link encap:Ethernet HWaddr 2c:27:d7:14:0e:9f<br>
inet6 addr: fe80::2e27:d7ff:fe14:e9f/64 Scope:Link<br>
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1<br>
RX packets:15848627 errors:8 dropped:0 overruns:0 frame:8<br>
TX packets:550677 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:1046275868 (997.8 MiB) TX bytes:166071702 (158.3
MiB)<br>
<br>
eth0 Link encap:Ethernet HWaddr 2c:27:d7:14:0e:9f<br>
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1<br>
RX packets:8892978 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:550677 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br>
RX bytes:628574218 (599.4 MiB) TX bytes:166071702 (158.3
MiB)<br>
Interrupt:16 Memory:fbfe0000-fc000000<br>
<br>
eth1 Link encap:Ethernet HWaddr 2c:27:d7:14:0e:9f<br>
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1<br>
RX packets:6955649 errors:8 dropped:0 overruns:0 frame:8<br>
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:1000<br>
RX bytes:417701650 (398.3 MiB) TX bytes:0 (0.0 B)<br>
Interrupt:16 Memory:fb9e0000-fba00000<br>
<br>
eth2 Link encap:Ethernet HWaddr b4:99:ba:aa:bd:2f<br>
inet6 addr: fe80::b699:baff:feaa:bd2f/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:596088399 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:267526680 errors:0 dropped:0 overruns:0
carrier:0<br>
collisions:0 txqueuelen:1000<br>
RX bytes:767709641954 (714.9 GiB) TX bytes:25520408805
(23.7 GiB)<br>
Interrupt:17 Memory:fbae0000-fbb00000<br>
<br>
lo Link encap:Local Loopback<br>
inet addr:127.0.0.1 Mask:255.0.0.0<br>
inet6 addr: ::1/128 Scope:Host<br>
UP LOOPBACK RUNNING MTU:16436 Metric:1<br>
RX packets:609461 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:609461 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:376422625 (358.9 MiB) TX bytes:376422625 (358.9
MiB)<br>
<br>
venet0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00<br>
inet6 addr: fe80::1/128 Scope:Link<br>
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1<br>
RX packets:55381 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:48666 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:8600374 (8.2 MiB) TX bytes:5229684 (4.9 MiB)<br>
<br>
vmbr0 Link encap:Ethernet HWaddr b4:99:ba:aa:bd:2f<br>
inet addr:10.213.38.1 Bcast:10.213.38.255
Mask:255.255.255.0<br>
inet6 addr: fe80::b699:baff:feaa:bd2f/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:596088399 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:267194253 errors:0 dropped:0 overruns:0
carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:759364404266 (707.2 GiB) TX bytes:25503022185
(23.7 GiB)<br>
<br>
vmbr1 Link encap:Ethernet HWaddr 2c:27:d7:14:0e:9f<br>
inet addr:<b>Public IP</b> Bcast:<b>Broadcast Address</b>
Mask:255.255.255.224<br>
inet6 addr: fe80::2e27:d7ff:fe14:e9f/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:8846284 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:513334 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:500238924 (477.0 MiB) TX bytes:163896280 (156.3
MiB)<br>
<br>
vmbr2 Link encap:Ethernet HWaddr 92:af:a3:25:dc:03<br>
inet addr:10.213.31.1 Bcast:10.213.31.255
Mask:255.255.255.0<br>
inet6 addr: fe80::90af:a3ff:fe25:dc03/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:0 (0.0 B) TX bytes:468 (468.0 B)<br>
<br>
vmbr99 Link encap:Ethernet HWaddr 9a:3b:65:81:34:88<br>
inet addr:10.213.35.1 Bcast:10.213.35.255
Mask:255.255.255.0<br>
inet6 addr: fe80::983b:65ff:fe81:3488/64 Scope:Link<br>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br>
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0<br>
collisions:0 txqueuelen:0<br>
RX bytes:0 (0.0 B) TX bytes:468 (468.0 B)<br>
<br>
<br>
Thanks<br>
Indy<br>
<br>
<br>
On 10/10/2011 1:57 AM, Lars Wilke wrote:
<blockquote cite="mid:20111009202754.GA13794@cklennard.localdomain"
type="cite">
<pre wrap="">* Inderjit Singh wrote:
</pre>
<blockquote type="cite">
<pre wrap=""> We are using shorewall with Proxmox. The issue is that net to FW traffic is not
working, but dmz to FW is working fine. Our requirement is that all traffic goes
to Net to FW. Please provide suggestions.
</pre>
</blockquote>
<pre wrap="">
it would help to know your NIC configuration, too.
</pre>
<blockquote type="cite">
<pre wrap=""> /etc/shorewall/policy
# From Net Policy
net all DROP
</pre>
</blockquote>
<pre wrap="">
And this might be your problem, look at the output of iptables -L -n -v
to see if the DROP rules are listed above any other rules for net2fw traffic.
</pre>
<blockquote type="cite">
<pre wrap=""> net $FW ACCEPT info 1/sec:2
</pre>
</blockquote>
<pre wrap="">
this is very low.
hth
--lars
</pre>
</blockquote>
<br>
<br>
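Added example, not part of the original thread: one way to run the check suggested in the quoted reply, reading an `iptables -L -n -v` listing and reporting rules in a chain that sit below an unconditional DROP. The function names, the sample listing, its counters and its ports are constructed for illustration; the chain names net2fw and dmz2fw are the ones used in the thread.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n -v` output (counters and ports invented).
sample_listing() {
cat <<'EOF'
Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  310 18600 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8006

Chain dmz2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
  120  7200 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
   40  2400 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# shadowed_rules CHAIN: read a listing on stdin and report every rule in CHAIN
# that sits below an unconditional DROP/REJECT and therefore can never match.
shadowed_rules() {
    awk -v chain="$1" '
        # A "Chain <name> (...)" header starts a new chain; reset the counters.
        $1 == "Chain" { in_chain = ($2 == chain); rule = 0; blocker = 0; next }
        # Skip other chains, blank lines and the column header.
        !in_chain || NF == 0 || $1 == "pkts" { next }
        {
            rule++
            if (blocker) {
                printf "rule %d (%s) is never reached: rule %d is an unconditional %s\n",
                       rule, $3, blocker, verdict
                next
            }
            # Columns: pkts bytes target prot opt in out source destination [matches...]
            # Exactly 9 fields means no extra match (port, state, limit) narrows the rule.
            catch_all = (($4 == "all" || $4 == "0") && $6 == "*" && $7 == "*" &&
                         $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9)
            if (catch_all && ($3 == "DROP" || $3 == "REJECT")) { blocker = rule; verdict = $3 }
        }'
}

# Run against the constructed sample; net2fw has its DROP first, dmz2fw has it last.
sample_listing | shadowed_rules net2fw
```

On a live firewall the same function can be fed directly: `iptables -L -n -v | shadowed_rules net2fw`.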
</body>
</html>