[PVE-User] Bond0 device for Net interface
Inderjit Singh
sysadmin85 at gmail.com
Mon Oct 10 09:03:36 CEST 2011
Still the same issue: *Net2FW* is not working. All traffic still goes through
*dmz2FW*. Please see the given policy we are using:
# From Firewall Policy
#$FW $FW ACCEPT
#$FW net REJECT
#$FW dmz REJECT
#$FW loc ACCEPT
# From Net Policy
net $FW ACCEPT info 1/sec:2
net all DROP
#net dmz ACCEPT info 8/sec:30
#net loc REJECT info
# From DMZ Policy
dmz $FW ACCEPT
dmz net DROP info 1/sec:2
#dmz all DROP
dmz loc ACCEPT info
# From Loc Policy
#loc loc ACCEPT
#loc $FW ACCEPT
#loc dmz REJECT info
#loc net ACCEPT info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
Thanks
Indy
On 10/10/2011 12:09 PM, Giuliano Natali wrote:
> Alessandro Briosi wrote:
>> On 09/10/2011 17:07, Inderjit Singh wrote:
>>> Hello ,
>>>
>>> We are using shorewall with Proxmox. The issue is that *net to FW* traffic is
>>> not working but *dmz to FW* is working fine. Our requirement is that all
>>> traffic goes to *Net to FW*. Please provide suggestions.
>> Imho the rule
>>
>> net all DROP
>> must be put after the
>> net $FW ACCEPT
>> net log REJECT
>>
>> Otherwise it's applied before.
> I think the best way to use shorewall is to
> write a policy like
>
> all all DROP info (if you want to see where the block is)
>
> and use the rules to enable the traffic between what you want
>
> Then test the connection
> if shorewall blocks a packet you will find a log like this
>
> shorewall: dmz2net DROP etc. etc
>
> Use this to write the rule
>
> My additional cent to Alessandro :-)
>
> Diaolin
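Added example (not part of the original messages and not Shorewall code): the thread turns on the order of policy entries, and Shorewall reads the policy file top to bottom and applies the first entry whose SOURCE and DEST match, with "all" matching any zone. The Python sketch below runs that lookup over the policy posted above. It models only the SOURCE, DEST, POLICY and LOG LEVEL columns; the rules file and intra-zone handling are not modelled, and the function names are hypothetical.

```python
# Policy file exactly as posted in the thread (commented-out entries included).
POLICY_TEXT = """\
# From Firewall Policy
#$FW $FW ACCEPT
#$FW net REJECT
#$FW dmz REJECT
#$FW loc ACCEPT
# From Net Policy
net $FW ACCEPT info 1/sec:2
net all DROP
#net dmz ACCEPT info 8/sec:30
#net loc REJECT info
# From DMZ Policy
dmz $FW ACCEPT
dmz net DROP info 1/sec:2
#dmz all DROP
dmz loc ACCEPT info
# From Loc Policy
#loc loc ACCEPT
#loc $FW ACCEPT
#loc dmz REJECT info
#loc net ACCEPT info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
"""

def parse_policy(text):
    """Return the active (source, dest, policy, log) entries in file order."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if len(fields) >= 3:
            log = fields[3] if len(fields) > 3 else None
            entries.append((fields[0], fields[1], fields[2], log))
    return entries

def effective_policy(entries, source, dest):
    """First entry whose SOURCE and DEST match wins; 'all' matches any zone."""
    for src, dst, policy, log in entries:
        if src in (source, "all") and dst in (dest, "all"):
            return f"{src} {dst} {policy}", log
    return None  # no policy entry covers this pair

if __name__ == "__main__":
    entries = parse_policy(POLICY_TEXT)
    for pair in [("net", "$FW"), ("net", "dmz"), ("dmz", "net"), ("loc", "net")]:
        print(pair, "->", effective_policy(entries, *pair))
```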