>>I am not sure if that model correctly handles traffic from one VM to another 
>>(traffic from VM1 to VM2)?
>>Because you would need to apply the out rules for VM1 and the in rules for VM2.
>>Does that work - if so how?

Well, it's like having 2 VMs behind 2 firewalls.

If the user of vm1 opens outgoing rules to vm2, but the user of vm2 doesn't allow inbound, 
it will not work. (and that's good)

In my example (like openstack/amazon ec2), the default outgoing rules are fully open.
So you only have to manage inbound rules for each VM.

Another way could be to default to fully open outgoing to the internal network and drop 
to the internet (external network) by default.

----- Original message ----- 

From: "Dietmar Maurer" <[email protected]> 
To: "Alexandre DERUMIER" <[email protected]>, "pve-devel" 
<[email protected]> 
Sent: Wednesday 22 January 2014 07:19:28 
Subject: RE: [pve-devel] RFC : iptables implementation 

> what do you think about it ? 
> 
> 
> 
> iptables -F 
> iptables -X 
> 
> iptables -N tap110i0-out 
> iptables -N tap110i0-in 
> #out 
> iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in tap110i0 -j tap110i0-out 
> #in 
> iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-out tap110i0 -j tap110i0-in 

I am not sure if that model correctly handles traffic from one VM to another 
(traffic from VM1 to VM2)? 
Because you would need to apply the out rules for VM1 and the in rules for VM2. 
Does that work - if so how? 
_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
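The question in the thread (does a per-tap -out chain plus a per-tap -in chain, both hooked into FORWARD with physdev matches, handle VM1-to-VM2 traffic on the same bridge?) can be traced with a small model of the FORWARD chain. What follows is an added example, not code from the thread or from Proxmox: it re-implements only the iptables semantics that matter here (rule order, jumps into user chains, RETURN, terminating ACCEPT/DROP, physdev in/out matching) so it can run without root or a bridge. It assumes br_netfilter is active (net.bridge.bridge-nf-call-iptables=1), which is what makes bridged frames traverse FORWARD at all; the tap names tap110i0/tap120i0 and the ports are constructed sample data. The three builders show the "outgoing fully open, manage inbound" model from the reply, the pitfall where an -out chain "opens" traffic with a terminating ACCEPT (which ends FORWARD evaluation before the destination's -in chain is consulted), and the fix of expressing "allowed out" as RETURN.

```python
"""Trace how the proposal's per-tap FORWARD hooks treat a frame going from one
VM to another on the same bridge. Added illustration, not Proxmox code: only
the iptables semantics that matter here are modelled (rule order, user-chain
jumps, RETURN, terminating ACCEPT/DROP, physdev matching). Assumes br_netfilter
with net.bridge.bridge-nf-call-iptables=1, otherwise bridged frames never reach
FORWARD. Tap names and ports are constructed sample data."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

TERMINATING = {"ACCEPT", "DROP"}  # verdicts that end the built-in chain

@dataclass(frozen=True)
class Packet:
    physdev_in: str   # bridge port the frame arrived on (--physdev-in)
    physdev_out: str  # bridge port it leaves through (--physdev-out)
    dport: int

@dataclass(frozen=True)
class Rule:
    target: str                       # ACCEPT, DROP, RETURN or a user chain
    physdev_in: Optional[str] = None  # None: no match on this field
    physdev_out: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.physdev_in in (None, pkt.physdev_in)
                and self.physdev_out in (None, pkt.physdev_out)
                and self.dport in (None, pkt.dport))

class FilterTable:
    def __init__(self, forward_policy: str = "DROP") -> None:
        self.chains = {"FORWARD": []}
        self.forward_policy = forward_policy

    def new_chain(self, name: str) -> None:            # iptables -N
        self.chains[name] = []

    def append(self, chain: str, rule: Rule) -> None:  # iptables -A
        self.chains[chain].append(rule)

    def _walk(self, chain: str, pkt: Packet, trace: List[str]) -> Optional[str]:
        # None means the chain was left without a verdict (implicit RETURN)
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            trace.append(f"{chain}:{rule.target}")
            if rule.target in TERMINATING:
                return rule.target  # later FORWARD rules are never evaluated
            if rule.target == "RETURN":
                return None
            verdict = self._walk(rule.target, pkt, trace)  # jump to user chain
            if verdict is not None:
                return verdict
        return None

    def forward(self, pkt: Packet) -> Tuple[str, List[str]]:
        trace: List[str] = []
        verdict = self._walk("FORWARD", pkt, trace)
        return (verdict or self.forward_policy), trace

def build_hooks(taps: List[str]) -> FilterTable:
    # The proposal's hooks: a -out and an -in chain per tap, attached to
    # FORWARD via physdev matches, in the order the mail lists them
    table = FilterTable("DROP")
    for tap in taps:
        table.new_chain(f"{tap}-out")
        table.new_chain(f"{tap}-in")
        table.append("FORWARD", Rule(f"{tap}-out", physdev_in=tap))
        table.append("FORWARD", Rule(f"{tap}-in", physdev_out=tap))
    return table

def inbound_only_model() -> FilterTable:
    # Outgoing fully open (empty -out chains); vm2 accepts only dport 22
    table = build_hooks(["tap110i0", "tap120i0"])
    table.append("tap120i0-in", Rule("ACCEPT", dport=22))
    table.append("tap120i0-in", Rule("DROP"))
    return table

def accept_in_out_chain_model() -> FilterTable:
    # Pitfall: vm1 "opens" outgoing traffic with a terminating ACCEPT, so
    # vm2's -in chain is never consulted
    table = inbound_only_model()
    table.append("tap110i0-out", Rule("ACCEPT"))
    return table

def return_in_out_chain_model() -> FilterTable:
    # Fix: -out says "allowed" with RETURN and "denied" with DROP, leaving
    # the final ACCEPT to the destination's -in chain
    table = inbound_only_model()
    table.append("tap110i0-out", Rule("RETURN", dport=22))
    table.append("tap110i0-out", Rule("DROP"))
    return table

if __name__ == "__main__":
    pkt = Packet("tap110i0", "tap120i0", 80)  # vm1 -> vm2, HTTP
    for build in (inbound_only_model, accept_in_out_chain_model, return_in_out_chain_model):
        verdict, trace = build().forward(pkt)
        print(f"{build.__name__:26s} {verdict:6s} {' -> '.join(trace)}")
```

Two things the trace makes visible that a practitioner should check on a real host. First, whether bridged frames reach FORWARD at all (`sysctl net.bridge.bridge-nf-call-iptables` must be 1, which requires br_netfilter); without it every rule above is dead. Second, chain order: with the hooks appended per tap as in the mail, a vm2-to-vm1 frame hits tap110i0-in before tap120i0-out, so if either chain uses a terminating target the outcome depends on which hook was appended first. Appending all -out hooks before all -in hooks makes "source's out chain, then destination's in chain" hold in both directions.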
