[PVE-User] Firewalling caused me to freak out :)

Mark Schouten mark at tuxis.nl
Wed Mar 15 00:22:20 CET 2017


Today, I’ve spent about three hours figuring out why firewalling doesn’t just work. I enabled the firewalling in the cluster and on the nodes, not on a VM. Everything seems to work, except for some services that run on webservers behind a firewall appliance running on the cluster. This setup requires the following traffic flow:

Client -> vmbr0 -> firewall appliance -> vmbr1 -> webserver -> vmbr1 -> firewall appliance -> vmbr0 -> Client

This doesn’t work. I don’t see traffic being dropped anywhere in logs, pve-firewall simulate tells me everything is fine, but it just doesn’t work. 

So, I finally stumbled upon https://forum.proxmox.com/threads/pve-firewall-drop-traffic.32290/, and tried to do a sysctl. And all of a sudden, everything starts to work.

Few questions:
* How do I configure pve-firewall to allow inter-VM traffic?
* Why isn’t anything telling me packets are being dropped, and why?
* Am I handling this correctly, or am I completely missing something here?


Mark Schouten
Tuxis Internet Engineering
