[PVE-User] Proxmox 2.0 - iptables physdev module
Michał Szamocki
mszamocki at cirrus.pl
Fri Apr 20 08:05:10 CEST 2012
Hi,
I'm trying to use iptables on PVE 2 with bridged interfaces:
root@pve2:~# brctl show
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.080027547093       no              eth0
root@pve2:~# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:54:70:93 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe54:7093/64 scope link
       valid_lft forever preferred_lft forever
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 08:00:27:54:70:93 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global vmbr0
    inet6 fe80::a00:27ff:fe54:7093/64 scope link
       valid_lft forever preferred_lft forever
Simple test:
root@pve2:~# iptables -I INPUT -m physdev --physdev-is-in -j LOG
root@pve2:~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 85 packets, 8272 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-in LOG flags 0 level 4
shows that the physdev module doesn't work.
The same test on PVE 1.9:
nadia:~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 53233 packets, 74M bytes)
 pkts bytes target     prot opt in     out     source               destination
  190 19072 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-in LOG flags 0 level 4
Any clue?
--
Michał Szamocki
Cirrus - Aedificaremus Tibi
WWW: http://www.cirrus.pl