[PVE-User] Bond0 device for Net interface

Inderjit Singh sysadmin85 at gmail.com
Mon Oct 10 06:56:39 CEST 2011 

If we DROP *DMZ to FW* all traffic has been stuck and if we enable *DMZ 
to FW* then no rule from *NET* is working whole traffic will from 
outside operate from *dmz2fw*. Please suggest how we can use bond0 for 
net and all traffic will go thru NET interface.

Here is NIC config:

bond0     Link encap:Ethernet  HWaddr 2c:27:d7:14:0e:9f
           inet6 addr: fe80::2e27:d7ff:fe14:e9f/64 Scope:Link
           UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
           RX packets:15848627 errors:8 dropped:0 overruns:0 frame:8
           TX packets:550677 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:1046275868 (997.8 MiB)  TX bytes:166071702 (158.3 MiB)

eth0      Link encap:Ethernet  HWaddr 2c:27:d7:14:0e:9f
           UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
           RX packets:8892978 errors:0 dropped:0 overruns:0 frame:0
           TX packets:550677 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:628574218 (599.4 MiB)  TX bytes:166071702 (158.3 MiB)
           Interrupt:16 Memory:fbfe0000-fc000000

eth1      Link encap:Ethernet  HWaddr 2c:27:d7:14:0e:9f
           UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
           RX packets:6955649 errors:8 dropped:0 overruns:0 frame:8
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:417701650 (398.3 MiB)  TX bytes:0 (0.0 B)
           Interrupt:16 Memory:fb9e0000-fba00000

eth2      Link encap:Ethernet  HWaddr b4:99:ba:aa:bd:2f
           inet6 addr: fe80::b699:baff:feaa:bd2f/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:596088399 errors:0 dropped:0 overruns:0 frame:0
           TX packets:267526680 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:767709641954 (714.9 GiB)  TX bytes:25520408805 (23.7 
GiB)
           Interrupt:17 Memory:fbae0000-fbb00000

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:609461 errors:0 dropped:0 overruns:0 frame:0
           TX packets:609461 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:376422625 (358.9 MiB)  TX bytes:376422625 (358.9 MiB)

venet0    Link encap:UNSPEC  HWaddr 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
           inet6 addr: fe80::1/128 Scope:Link
           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
           RX packets:55381 errors:0 dropped:0 overruns:0 frame:0
           TX packets:48666 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:8600374 (8.2 MiB)  TX bytes:5229684 (4.9 MiB)

vmbr0     Link encap:Ethernet  HWaddr b4:99:ba:aa:bd:2f
           inet addr:10.213.38.1  Bcast:10.213.38.255  Mask:255.255.255.0
           inet6 addr: fe80::b699:baff:feaa:bd2f/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:596088399 errors:0 dropped:0 overruns:0 frame:0
           TX packets:267194253 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:759364404266 (707.2 GiB)  TX bytes:25503022185 (23.7 
GiB)

vmbr1     Link encap:Ethernet  HWaddr 2c:27:d7:14:0e:9f
           inet addr:*Public IP*  Bcast:*Broadcast Address*  
Mask:255.255.255.224
           inet6 addr: fe80::2e27:d7ff:fe14:e9f/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:8846284 errors:0 dropped:0 overruns:0 frame:0
           TX packets:513334 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:500238924 (477.0 MiB)  TX bytes:163896280 (156.3 MiB)

vmbr2     Link encap:Ethernet  HWaddr 92:af:a3:25:dc:03
           inet addr:10.213.31.1  Bcast:10.213.31.255  Mask:255.255.255.0
           inet6 addr: fe80::90af:a3ff:fe25:dc03/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:468 (468.0 B)

vmbr99    Link encap:Ethernet  HWaddr 9a:3b:65:81:34:88
           inet addr:10.213.35.1  Bcast:10.213.35.255  Mask:255.255.255.0
           inet6 addr: fe80::983b:65ff:fe81:3488/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:0 (0.0 B)  TX bytes:468 (468.0 B)


Thanks
Indy


On 10/10/2011 1:57 AM, Lars Wilke wrote:
> * Inderjit Singh wrote:
>>     We are using shorewall with Proxmox. Issue is net to FW traffic not
>>     working but dmz to FW is working fine. Our requirement is all traffic goes
>>     to Net to FW . Please provide suggestions.
> it would help to know your NIC configuration, too.
>
>>     /etc/shorewall/policy
>>     # From Net Policy
>>     net     all     DROP
> And this might be your problem, look at the output of iptables -L -n -v
> to see if the DROP rules are listed above any other rules for net2fw traffic.
>
>>     net     $FW      ACCEPT            info    1/sec:2
> this is very low.
>
> hth
>     --lars
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20111010/a977356f/attachment.htm>

More information about the pve-user mailing list