[PVE-User] about pve-firewall pending changes

Alexandre DERUMIER aderumier at odiso.com
Sat Aug 2 19:13:36 CEST 2014

ok thanks 

just to be sure: 

exists PVEFW-0-managenet (PtOk3cRFOwfyz/9ZLPZZ9Ic1Wpo)
	create PVEFW-0-managenet hash:net family inet hashsize 64 maxelem 64
	add PVEFW-0-managenet
	add PVEFW-0-managenet
        add PVEFW-0-managenet
	#many ip for management use#
	add PVEFW-0-managenet 61.xxx.xxx.xxx
	add PVEFW-0-managenet 61.xxx.xxx.xxx 
you have manually change this part to mask the ip address ? 


----- Mail original ----- 

De: "lyt_yudi" <lyt_yudi at icloud.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: "proxmoxve (pve-user at pve.proxmox.com)" <pve-user at pve.proxmox.com> 
Envoyé: Samedi 2 Août 2014 16:58:32 
Objet: Re: about pve-firewall pending changes 

在 2014年8月2日,下午10:10,Alexandre DERUMIER < aderumier at odiso.com > 写道: 

ok, I'll test that monday. 

can you also do 

#pve-firewall compile 

and send me the result ? 

yes,link this: 


for vms details 
host1: vm100 & vm103 

# cat 100.conf 
bootdisk: virtio0 
cores: 2 
cpuunits: 10000 
hotplug: 1 
ide0: none,media=cdrom 
memory: 2048 
name: test01 
net0: virtio=66:E7:FB:09:A4:62,bridge=vmbr0 
net1: virtio=1E:45:F9:26:C3:1B,bridge=vmbr0 
net2: virtio=DE:43:22:98:71:26,bridge=vmbr1,firewall=1 
onboot: 1 
ostype: l26 
sockets: 1 
virtio0: local:254/vm-254-disk-1.raw,format=raw,size=16G 

# cat 103.conf 
balloon: 4096 
bootdisk: virtio0 
cores: 8 
cpuunits: 150000 
hotplug: 1 
ide0: none,media=cdrom 
memory: 8192 
name: test02 
net0: virtio=CE:84:EF:85:3E:74,bridge=vmbr0 
net1: virtio=EA:6A:D2:BA:31:3C,bridge=vmbr1,firewall=1 
onboot: 1 
ostype: l26 
sockets: 1 
virtio0: local:103/vm-103-disk-1.raw,format=raw,size=32G 

# cat /etc/network/interfaces 
auto lo 
iface lo inet loopback 

auto eth0 
iface eth0 inet manual 

auto eth1 
iface eth1 inet manual 

auto eth2 
iface eth2 inet manual 

auto eth3 
iface eth3 inet manual 

auto bond0 
iface bond0 inet manual 
slaves eth1 eth2 eth3 
bond_miimon 100 
bond_mode balance-tlb 

auto vmbr0 
iface vmbr0 inet static 
address 10.0.x.x 
gateway 10.0.x.x 
bridge_ports eth0 
bridge_stp off 
bridge_fd 0 
post-up echo 0 > /sys/devices/virtual/net/vmbr0/bridge/multicast_snooping 

auto vmbr1 
iface vmbr1 inet manual 
bridge_ports bond0 
bridge_stp off 
bridge_fd 0 
post-up echo 0 > /sys/devices/virtual/net/vmbr1/bridge/multicast_snooping 

Thanks, wish you have a nice weekend! :) 

More information about the pve-user mailing list