[pve-devel] pvefw: masquerade problems and conntrack zones
Alexandre DERUMIER
aderumier at odiso.com
Wed Mar 12 07:42:40 CET 2014
>>I thing 3.10 will be stable in a few months, so there is no need to do a backport.
Yes, I look at the patch, it's not small, and touch in mutiple netfilter/ipstack files
Better to wait.
(I think rhel7 should be release for this summer, so it should be ok pour proxmox 3.3 :)
BTW,after firewall (not soon ;) , I would like to work on dhcp server implementation.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 12 Mars 2014 06:12:33
Objet: RE: [pve-devel] pvefw: masquerade problems and conntrack zones
> adding iptables -t raw -A PREROUTING -d '10.2.0.100/32' -i vmbr14 -j CT --zone
> 1
> -------------------------------------------------------------------------------
> now it's working
> So, it seem that postrouting occur once by zone, or something like that
yes, looks like that.
> So,I think using zones is the goodway. But not available in 2.6.32.
> (maybe it can be easily backported ?)
I thing 3.10 will be stable in a few months, so there is no need to do a backport.
More information about the pve-devel
mailing list