[PVE-User] Conntrack on FORWARD-chain
Mark Schouten
mark at tuxis.nl
Thu Jul 6 11:25:09 CEST 2017
Hi,
We have a cluster with the firewall enabled on cluster- and host-level, not on
VM-level.
One of the VMs is a firewall which routes traffic for the other VMs. We ran
into issues because the Proxmox firewall is looking at the FORWARD-chain, and
dropping ctstate INVALID. That is causing issues, because it feels the routed
traffic has state invalid.
Everything starts working as soon as I do an `iptables -D PVEFW-FORWARD 1`. Am
I misinterpreting stuff, doing something wrong, or is this something else?
Thanks,
--
Kerio Operator in de Cloud? https://www.kerioindecloud.nl/
Mark Schouten | Tuxis Internet Engineering
KvK: 61527076 | http://www.tuxis.nl/
T: 0318 200208 | info at tuxis.nl