[pve-devel] pvefw: masquerade problems and conntrack zones
Dietmar Maurer
dietmar at proxmox.com
Tue Mar 11 06:37:36 CET 2014
> >>We need physdev match to filter traffic from VMs?
> Sorry, I wanted to say output interface instead of physdev.
>
> >>iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
> replace by
>
> iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -j SNAT --to X.X.X.X (ip of the bridge)
That does not work for me.
> How are the netfilter logs, with masquerade with IP on vmbr0 and without veth?
OUT=pm1 in that case
> MASQTEST: IN= OUT=??? PHYSIN=tap116i0 PHYSOUT=???? SRC=10.10.10.3 DST=8.8.8.8
>
> I'm a bit lost for now, I'll try to create a testlab tomorrow to see how things
> work.