[PVE-User] pve-firewall and NAT

Yannick Palanque yannick.ml at palanque.name
Thu Mar 10 20:01:14 CET 2016


Hello,

On 2016-03-10T11:15:09+0100,
Jonas Borgström <jonas at borgstrom.se> wrote:

> The only workaround I've found so far (from some Proxmox forum) is:
> $ iptables -t raw -A PREROUTING -i fwbr+ -j CT --zone 1
> 
> But that only works if I manually run it _after_ the firewall and the
> container has been started, it does not work if I add it as a post-up
> command to /etc/network/interfaces.

I have this very iptables rule in the interface's post-up rules and it
works... but I have issues with ARP, as I described on
<https://forum.proxmox.com/threads/nat-and-firewall-for-lxc-cts.25332/>.
I use this ugly hack (static ARP for GW) and it seems to work well...

HTH
