[pve-devel] pvefw: masquerade problems and conntrack zones
Dietmar Maurer
dietmar at proxmox.com
Mon Mar 10 11:03:56 CET 2014
> post-up iptables -t raw -A PREROUTING -s '10.10.10.0/24' -i vmbr1 -j CT --zone
> 1 # why do we need this?
> post-up iptables -t raw -A PREROUTING -d '10.10.10.0/24' -i vmbr1 -j CT --
> zone 1 # why do we need this?
> post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o pm0 -j
> MASQUERADE >> apply on default zone 0
>
>
> so, that should mean that apply -j MASQUERADE don't apply on vmbr1 with
> zone 1
Sure, but why is that required? Are there negative side effects? Any ideas? I have
not found any documentation.
More information about the pve-devel
mailing list