[PVE-User] Bond0 device for Net interface

Inderjit Singh sysadmin85 at gmail.com
Mon Oct 10 09:03:36 CEST 2011

Still the same issue: *Net2FW* is not working. All traffic still goes through
*dmz2FW*. Please see the given policy we are using:

# From Firewall Policy
#$FW      $FW     ACCEPT
#$FW      net      REJECT
#$FW      dmz     REJECT
#$FW      loc     ACCEPT

# From Net Policy
net     $FW      ACCEPT           info    1/sec:2
net     all      DROP
#net    dmz      ACCEPT          info    8/sec:30
#net    loc      REJECT          info

# From DMZ Policy
dmz     $FW     ACCEPT
dmz     net     DROP          info    1/sec:2
#dmz    all     DROP
dmz     loc     ACCEPT          info

# From Loc Policy
#loc     loc     ACCEPT
#loc     $FW     ACCEPT
#loc     dmz     REJECT          info
#loc     net     ACCEPT          info

all             all             REJECT          info


On 10/10/2011 12:09 PM, Giuliano Natali wrote:
> Alessandro Briosi wrote:
>> On 09/10/2011 17:07, Inderjit Singh wrote:
>>> Hello,
>>> We are using shorewall with Proxmox. Issue is *net to FW* traffic not
>>> working but *dmz to FW* is working fine. Our requirement is all
>>> traffic goes to *Net to FW* . Please provide suggestions.
>> IMHO the rule
>> net all DROP
>> must be put after the
>> net $FW ACCEPT
>> net log REJECT
>> Otherwise it's applied before.
> I think the best way to use shorewall is to
> write a policy like
> all all DROP info (if you want to see where is the block)
> and use the rules to enable the traffic between what you want
> Then test the connection
> if shorewall blocks a packet you will find a log like this
> shorewall: dmz2net DROP etc. etc
> Use this to write the rule
> My additional cent to Alessandro :-)
> Diaolin
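
The log-driven workflow suggested in the quoted reply (default DROP with `info` logging, then write rules from what gets blocked), sketched as an added example that is not part of the original thread. It assumes Shorewall's default `Shorewall:<chain>:<disposition>:` log prefix and a firewall zone named `fw`; the sample log lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Assumed layout: Shorewall's default LOGFORMAT "Shorewall:%s:%s:" puts the
# chain (source zone, "2" or "-", destination zone) and the disposition in
# the kernel log prefix, followed by the usual netfilter fields.
LOG_RE = re.compile(
    r"Shorewall:(?P<src>\w+?)[2-](?P<dst>\w+):(?P<disp>DROP|REJECT):"
    r".*?\bPROTO=(?P<proto>\S+)(?:.*?\bDPT=(?P<dpt>\d+))?"
)
FW_ZONE = "fw"  # assumed firewall zone name; written as $FW in the rules file

# Constructed sample lines (documentation addresses, hypothetical host "pve").
SAMPLE_LOG = """\
Oct 10 09:01:12 pve kernel: Shorewall:net2fw:DROP:IN=bond0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40022 DPT=8006 SYN
Oct 10 09:01:15 pve kernel: Shorewall:net2fw:DROP:IN=bond0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40023 DPT=8006 SYN
Oct 10 09:02:01 pve kernel: Shorewall:dmz2net:DROP:IN=vmbr1 OUT=bond0 SRC=10.0.0.7 DST=192.0.2.53 PROTO=UDP SPT=5353 DPT=53
Oct 10 09:02:30 pve kernel: Shorewall:net2fw:DROP:IN=bond0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
Oct 10 09:03:00 pve sshd[1234]: unrelated line that must be ignored
""".splitlines()


def summarize(lines):
    """Count blocked packets per (src zone, dst zone, proto, dest port)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m:  # lines without a Shorewall prefix are skipped
            key = (m["src"], m["dst"], m["proto"].lower(), m["dpt"] or "-")
            hits[key] += 1
    return hits


def candidate_rules(lines):
    """Return (hit count, rules-file line) pairs, most frequent first.

    The lines are candidates for review, not rules to apply blindly:
    only traffic that is actually wanted should be accepted.
    """
    zone = lambda z: "$FW" if z == FW_ZONE else z
    ranked = sorted(summarize(lines).items(), key=lambda kv: (-kv[1], kv[0]))
    return [(n, "\t".join(["ACCEPT", zone(s), zone(d), proto, port]))
            for (s, d, proto, port), n in ranked]


if __name__ == "__main__":
    for count, rule in candidate_rules(SAMPLE_LOG):
        print(f"{rule}\t# blocked {count}x")
```
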