[PVE-User] Bond0 device for Net interface

Inderjit Singh sysadmin85 at gmail.com
Mon Oct 10 09:03:36 CEST 2011


Still same issue *Net2FW* is  not working . All traffic still goes thru 
*dmz2FW* .Please see given policy we are using

# From Firewall Policy
#$FW      $FW     ACCEPT
#$FW      net      REJECT
#$FW      dmz     REJECT
#$FW      loc     ACCEPT

# From Net Policy
net     $FW      ACCEPT           info    1/sec:2
net     all      DROP
#net    dmz      ACCEPT          info    8/sec:30
#net    loc      REJECT          info


# From DMZ Policy
dmz     $FW     ACCEPT
dmz     net     DROP          info    1/sec:2
#dmz    all     DROP
dmz     loc     ACCEPT          info


# From Loc Policy
#loc     loc     ACCEPT
#loc     $FW     ACCEPT
#loc     dmz     REJECT          info
#loc     net     ACCEPT          info

# THE FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info


Thanks
Indy


On 10/10/2011 12:09 PM, Giuliano Natali wrote:
> Alessandro Briosi wrote:
>> Il 09/10/2011 17:07, Inderjit Singh ha scritto:
>>> Hello ,
>>>
>>> We are using shorewall with Proxmox. Issue is *net to FW* traffic not
>>> working but *dmz to FW* is working fine. Our requirement is all
>>> traffic goes to *Net to FW* . Please provide suggestions.
>> Imho the rule
>>
>> net all DROP
>> must be put after the
>> net $FW ACCEPT
>> net log REJECT
>>
>> Otherwise it's applied before.
> I think the best way to use shorewall is to
> write a policy like
>
> all all DROP info (if you want to see where is the block)
>
> and use the rules to enable the traffic between what you want
>
> Then test the connection
> if shorewall blocks a packet you will find a log like this
>
> shorewall: dmz2net DROP etc. etc
>
> Use this to write the rule
>
> My additional cent to alessandro :-)
>
> Diaolin
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20111010/145dd2ee/attachment-0014.html>


More information about the pve-user mailing list