[PVE-User] Bond0 device for Net interface

Alessandro Briosi ab1 at metalitnord.com
Mon Oct 10 08:30:13 CEST 2011


Il 09/10/2011 17:07, Inderjit Singh ha scritto:
> Hello ,
>
> We are using shorewall with Proxmox. Issue is *net to FW* traffic not 
> working but *dmz to FW* is working fine. Our requirement is all 
> traffic goes to *Net to FW* . Please provide suggestions.

Imho the rule

net all DROP
must be put after the
net $FW ACCEPT
net log REJECT

Otherwise it's applied before.

I'd also enable logging in every rule so you get in the logs where the 
packet is blocked.

My 2 cents,
Alessandro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20111010/ff29d3b7/attachment-0014.html>


More information about the pve-user mailing list