[PVE-User] Bond0 device for Net interface
Giuliano Natali
diaolin at diaolin.com
Mon Oct 10 08:39:30 CEST 2011
Alessandro Briosi wrote:
> On 09/10/2011 17:07, Inderjit Singh wrote:
>> Hello,
>>
>> We are using shorewall with Proxmox. The issue is that *net to FW* traffic is not
>> working, but *dmz to FW* is working fine. Our requirement is all
>> traffic goes to *Net to FW*. Please provide suggestions.
>
> Imho the rule
>
> net all DROP
> must be put after the
> net $FW ACCEPT
> net log REJECT
>
> Otherwise it's applied before.

I think the best way to use shorewall is to
write a policy like

all all DROP info (if you want to see where the block is)

and use the rules to enable the traffic between what you want.
Then test the connection.
If shorewall blocks a packet, you will find a log like this:

shorewall: dmz2net DROP etc. etc

Use this to write the rule.

My additional cent to Alessandro :-)
Diaolin
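
The log-driven workflow described in the message above, as an added example that is not part of the original message: it reads logged drops and prints candidate rules-file lines for review. It assumes Shorewall's default LOGFORMAT ("Shorewall:%s:%s:"), a zone separator of "2" or "-" in chain names, and a firewall zone named "fw"; the log lines and the name candidate_rules are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample kernel log lines (not from the thread). Assumes Shorewall's
# default LOGFORMAT "Shorewall:%s:%s:" and a firewall zone named "fw".
SAMPLE_LOG = """\
Oct 10 08:40:01 pve kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=8006 SYN
Oct 10 08:40:04 pve kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40022 DPT=8006 SYN
Oct 10 08:41:10 pve kernel: Shorewall:dmz2net:DROP:IN=vmbr1 OUT=eth0 SRC=10.0.1.5 DST=203.0.113.53 LEN=71 TTL=63 PROTO=UDP SPT=33211 DPT=53
Oct 10 08:42:30 pve kernel: Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Oct 10 08:43:00 pve kernel: Shorewall:all2all:DROP:IN=eth2 OUT= SRC=10.9.9.9 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=50000 DPT=22 SYN
"""

# Chain name is <source zone><sep><dest zone>; the port column is DPT for
# TCP/UDP and the ICMP type for ICMP (both go in the rules file DPORT column).
LINE_RE = re.compile(
    r"Shorewall:([A-Za-z]\w*?)(?:2|-)([A-Za-z]\w*):(?:DROP|REJECT):"
    r".*?\bPROTO=(\w+)(?:.*?\b(?:DPT|TYPE)=(\d+))?"
)


def candidate_rules(log_text, fw_zone="fw"):
    """Map each candidate rules-file line (tab separated) to its hit count."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, proto, port = m.groups()
        if "all" in (src, dst):
            # A catch-all policy chain does not identify the zone pair; skip it.
            continue
        zones = ["$FW" if z == fw_zone else z for z in (src, dst)]
        cols = ["ACCEPT", *zones, proto.lower()] + ([port] if port else [])
        hits["\t".join(cols)] += 1
    return hits


if __name__ == "__main__":
    # Candidates only: add a rule only for traffic you intend to allow.
    for rule, count in candidate_rules(SAMPLE_LOG).most_common():
        print(f"{rule}\t# seen {count}x")
```
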