[pve-devel] pvefw: masquerade problems and conntrack zones

Dietmar Maurer dietmar at proxmox.com
Tue Mar 11 13:55:10 CET 2014


> Ok, I have done some tests with a simple bridge setup, and all is working fine
> for me ????

First, please test on a single host now.

The input filter for a VM on VMBR1 will not work when traffic comes from vmbr14.

But this is unrelated to MASQUERADING.
 
> tap110i0 (10.2.0.100)---->vmbr14(10.2.0.1)  <routing>   (10.3.94.31)vmbr1----->eth0---------physical switch--------external host(10.3.94.47 + route add 10.2.0.100/32 gw 10.3.94.31)
> 
> 
> 
> host configuration
> ------------------
> 
> auto vmbr1
> iface vmbr1 inet static
>         bridge_ports eth0
>         address 10.3.94.31
>         netmask 255.255.255.0
>         gateway 10.3.94.1
>         bridge_stp off
>         bridge_fd 0
> 
> auto vmbr14
> iface vmbr14 inet static
>         address 10.2.0.1
>         netmask 255.255.255.0
>         bridge_stp off
>         bridge_fd 0
> 
> iptables -t nat -A POSTROUTING -j LOG --log-prefix "POSTROUTING: "
> iptables -t nat -A POSTROUTING -s '10.2.0.100/32' -o vmbr1 -j MASQUERADE
> 

