[pve-devel] firewall : cluster.fw [rules] section ?
Alexandre DERUMIER
aderumier at odiso.com
Sat Jul 5 20:13:12 CEST 2014
>>Is 802_1Q required for VLAN traffic? Or do we have a mechanism for adding/removing VLAN tags outside the VMs? Something where inbound traffic has tags removed before forwarding to the VM, and outbound has it >>added after receipt from the VM, so that the host and the physical network use tagged traffic, but the VMs have it untagged?
Yes, indeed, we need it if a user want to tag vlan inside the guest. (proxmox vlan management is done outside the guest)
I'll add 802.1q to the list.
----- Mail original -----
De: "Daniel Hunsaker" <danhunsaker at gmail.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com, "Michael Rasmussen" <mir at datanom.net>
Envoyé: Samedi 5 Juillet 2014 17:18:20
Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ?
Is 802_1Q required for VLAN traffic? Or do we have a mechanism for adding/removing VLAN tags outside the VMs? Something where inbound traffic has tags removed before forwarding to the VM, and outbound has it added after receipt from the VM, so that the host and the physical network use tagged traffic, but the VMs have it untagged?
On Jul 5, 2014 7:37 AM, "Alexandre DERUMIER" < aderumier at odiso.com > wrote:
>>What about ICMP? among other things ICMP is used to optimize network
>>traffic and QoS.
yes, sure ;) icmp and icmpv6 are included in IPV4 and IPV6
available ebtables protocol are :
cat /etc/ethertypes
IPv4 0800 ip ip4 # Internet IP (IPv4)
X25 0805
ARP 0806 ether-arp #
FR_ARP 0808 # Frame Relay ARP [RFC1701]
BPQ 08FF # G8BPQ AX.25 Ethernet Packet
DEC 6000 # DEC Assigned proto
DNA_DL 6001 # DEC DNA Dump/Load
DNA_RC 6002 # DEC DNA Remote Console
DNA_RT 6003 # DEC DNA Routing
LAT 6004 # DEC LAT
DIAG 6005 # DEC Diagnostics
CUST 6006 # DEC Customer use
SCA 6007 # DEC Systems Comms Arch
TEB 6558 # Trans Ether Bridging [RFC1701]
RAW_FR 6559 # Raw Frame Relay [RFC1701]
AARP 80F3 # Appletalk AARP
ATALK 809B # Appletalk
802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN tagged frame
IPX 8137 # Novell IPX
NetBEUI 8191 # NetBEUI
IPv6 86DD ip6 # IP version 6
PPP 880B # PPP
ATMMPOA 884C # MultiProtocol over ATM
PPP_DISC 8863 # PPPoE discovery messages
PPP_SES 8864 # PPPoE session messages
ATMFATE 8884 # Frame-based ATM Transport over Ethernet
LOOP 9000 loopback # loop proto
----- Mail original -----
De: "Michael Rasmussen" < mir at datanom.net >
À: pve-devel at pve.proxmox.com
Envoyé: Samedi 5 Juillet 2014 14:52:04
Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ?
On Sat, 05 Jul 2014 14:18:01 +0200 (CEST)
Alexandre DERUMIER < aderumier at odiso.com > wrote:
> >>Maybe simply:
> >>
> >>protocols: ARP, IPV4, IPV6
>
> No objection for me.
>
> @Stefan, do you think we need other protocols inside a vm ?
>
What about ICMP? among other things ICMP is used to optimize network
traffic and QoS.
--
Hilsen/Regards
Michael Rasmussen
Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
Q: What's the difference between USL and the Titanic?
A: The Titanic had a band.
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list