[pve-devel] firewall : cluster.fw [rules] section ?
Daniel Hunsaker
danhunsaker at gmail.com
Sat Jul 5 17:18:20 CEST 2014
Is 802_1Q required for VLAN traffic? Or do we have a mechanism for
adding/removing VLAN tags outside the VMs? Something where inbound traffic
has tags removed before forwarding to the VM, and outbound has it added
after receipt from the VM, so that the host and the physical network use
tagged traffic, but the VMs have it untagged?
On Jul 5, 2014 7:37 AM, "Alexandre DERUMIER" <aderumier at odiso.com> wrote:
> >>What about ICMP? among other things ICMP is used to optimize network
> >>traffic and QoS.
>
> yes, sure ;) icmp and icmpv6 are included in IPV4 and IPV6
>
> available ebtables protocol are :
>
> cat /etc/ethertypes
>
> IPv4 0800 ip ip4 # Internet IP (IPv4)
> X25 0805
> ARP 0806 ether-arp #
> FR_ARP 0808 # Frame Relay ARP [RFC1701]
> BPQ 08FF # G8BPQ AX.25 Ethernet Packet
> DEC 6000 # DEC Assigned proto
> DNA_DL 6001 # DEC DNA Dump/Load
> DNA_RC 6002 # DEC DNA Remote Console
> DNA_RT 6003 # DEC DNA Routing
> LAT 6004 # DEC LAT
> DIAG 6005 # DEC Diagnostics
> CUST 6006 # DEC Customer use
> SCA 6007 # DEC Systems Comms Arch
> TEB 6558 # Trans Ether Bridging [RFC1701]
> RAW_FR 6559 # Raw Frame Relay [RFC1701]
> AARP 80F3 # Appletalk AARP
> ATALK 809B # Appletalk
> 802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN tagged
> frame
> IPX 8137 # Novell IPX
> NetBEUI 8191 # NetBEUI
> IPv6 86DD ip6 # IP version 6
> PPP 880B # PPP
> ATMMPOA 884C # MultiProtocol over ATM
> PPP_DISC 8863 # PPPoE discovery messages
> PPP_SES 8864 # PPPoE session messages
> ATMFATE 8884 # Frame-based ATM Transport over
> Ethernet
> LOOP 9000 loopback # loop proto
>
>
> ----- Mail original -----
>
> De: "Michael Rasmussen" <mir at datanom.net>
> À: pve-devel at pve.proxmox.com
> Envoyé: Samedi 5 Juillet 2014 14:52:04
> Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ?
>
> On Sat, 05 Jul 2014 14:18:01 +0200 (CEST)
> Alexandre DERUMIER <aderumier at odiso.com> wrote:
>
> > >>Maybe simply:
> > >>
> > >>protocols: ARP, IPV4, IPV6
> >
> > No objection for me.
> >
> > @Stefan, do you think we need other protocols inside a vm ?
> >
> What about ICMP? among other things ICMP is used to optimize network
> traffic and QoS.
>
> --
> Hilsen/Regards
> Michael Rasmussen
>
> Get my public GnuPG keys:
> michael <at> rasmussen <dot> cc
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
> mir <at> datanom <dot> net
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
> mir <at> miras <dot> org
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
> --------------------------------------------------------------
> /usr/games/fortune -es says:
> Q: What's the difference between USL and the Titanic?
> A: The Titanic had a band.
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140705/2c3345a7/attachment.htm>
More information about the pve-devel
mailing list