> -----Original Message-----
> From: [email protected] [mailto:pve-devel-[email protected]] On Behalf Of Dietmar Maurer
> Sent: Wednesday, 22 January 2014 08:13
> To: Alexandre DERUMIER
> Cc: pve-devel
> Subject: Re: [pve-devel] RFC : iptables implementation
>
> > >>I am not sure if that model correctly handles traffic from one VM to another (traffic from VM1 to VM2)?
> > >>Because you would need to apply out rules for VM1, the in rules for VM2.
> > >>Does that work - if so how?
> >
> > Well, it is like having 2 VMs behind 2 firewalls.
>
> OK, so I just believe you that this will work ;-) (I just wonder why shorewall needs
> those forwarding chains if it works without)

for example:
---------------
#out
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in tap110i0 -j tap110i0-out
#in
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-out tap120i0 -j tap120i0-in
------------

If you trigger an 'ACCEPT' inside the 'tap110i0-out' chain, the input chain 'tap120i0-in' is never processed?
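
The question above turns on iptables target semantics: ACCEPT is terminating for the packet in that table, while RETURN resumes in the calling chain. The following is an added example, not code from this thread or from Proxmox VE: a small Python model of FORWARD traversal over the two rules in the mail, where the contents of the two tap chains, the ports and the sample packet are constructed assumptions.

```python
# Minimal model of iptables filter-table traversal (added example, not PVE code).
# A rule is (match_fn, target); target is ACCEPT, DROP, RETURN or a chain name.

def traverse(chains, chain, pkt, visited):
    """Walk one chain; return a final verdict, or None to fall back to the caller."""
    visited.append(chain)
    for match, target in chains[chain]:
        if not match(pkt):
            continue
        if target in ("ACCEPT", "DROP"):
            return target              # terminating: no later rule is evaluated
        if target == "RETURN":
            return None                # resume in the calling chain
        verdict = traverse(chains, target, pkt, visited)
        if verdict is not None:
            return verdict
    return None                        # end of a user chain acts like RETURN


def forward(chains, pkt, policy="DROP"):
    """Run a packet through FORWARD; return (verdict, chains visited in order)."""
    visited = []
    verdict = traverse(chains, "FORWARD", pkt, visited)
    return (verdict or policy), visited


def build(out_target):
    """The two FORWARD rules from the mail; chain contents are constructed samples."""
    return {
        "FORWARD": [
            (lambda p: p["physdev_in"] == "tap110i0", "tap110i0-out"),
            (lambda p: p["physdev_out"] == "tap120i0", "tap120i0-in"),
        ],
        # Assumed policy: VM110 may send to tcp/22; out_target is the action on a match
        "tap110i0-out": [(lambda p: p["dport"] == 22, out_target),
                         (lambda p: True, "DROP")],
        # Assumed policy: VM120 only accepts tcp/80 inbound
        "tap120i0-in": [(lambda p: p["dport"] == 80, "ACCEPT"),
                        (lambda p: True, "DROP")],
    }


# Constructed packet: VM110 -> VM120 on the same bridge, tcp/22
PKT = {"physdev_in": "tap110i0", "physdev_out": "tap120i0", "dport": 22}

if __name__ == "__main__":
    for target in ("ACCEPT", "RETURN"):
        print(target, forward(build(target), PKT))
```

With ACCEPT in the out chain the packet is accepted without `tap120i0-in` ever being visited; with RETURN the traversal continues into `tap120i0-in`, which drops it.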
