[PVE-User] Bond0 device for Net interface

Inderjit Singh sysadmin85 at gmail.com
Sun Oct 9 17:07:27 CEST 2011


Hello,

We are using Shorewall with Proxmox. The issue is that *net to FW* traffic is
not working, but *dmz to FW* is working fine. Our requirement is that all
traffic goes *net to FW*. Please provide suggestions.

*/etc/shorewall/zones*
fw      firewall
net     ipv4
dmz     ipv4
loc     ipv4

*/etc/shorewall/interfaces*
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     bond0           detect          routeback,tcpflags,routefilter
dmz     venet0          detect          routeback
dmz     vmbr1           detect          routeback
loc     vmbr0           detect          routeback

*/etc/shorewall/policy*
#$FW      $FW     ACCEPT
$FW      net     REJECT
$FW      dmz     REJECT
$FW      loc     ACCEPT

# From DMZ Policy
dmz     dmz     ACCEPT
dmz     net     ACCEPT
dmz     $FW     DROP            info    1/sec:2
#dmz     loc     REJECT          info

# From Net Policy
net     all     DROP
net     $FW      ACCEPT            info    1/sec:2
#net     dmz     ACCEPT          info    8/sec:30
net     loc     REJECT          info

# From Loc Policy
loc     loc     ACCEPT
loc     $FW     ACCEPT
loc     dmz     REJECT          info
loc     net     ACCEPT          info

# THE FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info

-- 
Inderjit Singh
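
Shorewall reads the policy file from top to bottom and applies the first entry that matches a source/destination pair, so entry order matters in a file like the one posted above. The check below is an added example, not part of the original post or of Shorewall; its function names are hypothetical, and it assumes `all` is a plain wildcard for any zone, ignoring zone lists and other special forms.

```python
# Added example: find Shorewall policy entries that can never take effect
# because an earlier entry already matches the same source/destination pair.

# Constructed sample: the active (uncommented) entries of the posted policy file.
POLICY = """\
$FW  net  REJECT
$FW  dmz  REJECT
$FW  loc  ACCEPT
dmz  dmz  ACCEPT
dmz  net  ACCEPT
dmz  $FW  DROP    info  1/sec:2
net  all  DROP
net  $FW  ACCEPT  info  1/sec:2
net  loc  REJECT  info
loc  loc  ACCEPT
loc  $FW  ACCEPT
loc  dmz  REJECT  info
loc  net  ACCEPT  info
all  all  REJECT  info
"""

def parse_policy(text):
    """Return (line_no, source, dest, policy) tuples; comments and short lines are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            entries.append((line_no, fields[0], fields[1], fields[2]))
    return entries

def covers(broad, narrow):
    """True if zone spec `broad` matches everything `narrow` matches (assumed wildcard: all)."""
    return broad in (narrow, "all")

def shadowed(entries):
    """Return (late, early) pairs where `early` matches first, so `late` is never reached."""
    hits = []
    for i, late in enumerate(entries):
        for early in entries[:i]:
            if covers(early[1], late[1]) and covers(early[2], late[2]):
                hits.append((late, early))
                break
    return hits

if __name__ == "__main__":
    for late, early in shadowed(parse_policy(POLICY)):
        print(f"line {late[0]}: {late[1]} -> {late[2]} {late[3]} is shadowed by "
              f"line {early[0]}: {early[1]} -> {early[2]} {early[3]}")
```

On the posted policy this reports the `net $FW ACCEPT` and `net loc REJECT` entries as unreachable behind the earlier `net all DROP`.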
