I don't think you can do this, but it's not a limitation of Shorewall. Each VM is its own machine and installing Shorewall on the host OS only allows Shorewall to affect the host OS. It's akin to installing Shorewall on some other machine on the network and expecting it to be able to protect a totally separate machine.

By way of illustration - I have a box at home with a single NIC and two VMware VMs running inside it. They are both bridged to the Internet. The NIC on the host box doesn't even have a routable IP, but the VMs are able to DHCP from my ISP without issue. In fact, I'm pretty sure that the host NIC doesn't technically need an IP at all, but I had to give it one in order to bring it up. It's obviously not being used. In short, other than having to be connected so the VMs can pass traffic, the host OS plays no real part in any traffic exchange.

If you went NAT for your VMs you may have success as traffic has to pass to and from the host OS for that to work and the host OS would be a gateway. Bridged, though, means that your VMs are directly connected to the network.

I know it's a weird concept and I haven't ironed out my full understanding of it, but that's the gist of it.

Jon

Mikael Kermorgant wrote:
Hello,

I have recently discovered vmware server and installed it on a centos server.

Having already set up xen & shorewall following a very clear howto, I
hoped to find an equivalent solution but in fact, I have found very
little helpful information.

I'd like to install shorewall on the main host (centos), set up
networking in a bridged mode so each virtual host gets its own IP and
set up shorewall to control everything from the main host.

Has anyone some experience with that?

Thanks in advance,

--
Key fingerprint: BDE0 DE52 B8C0 0CDF 7653 E5A2 D861 7877 0D3B 813E
http://www.jonwatson.ca
+1.403.770.2837

"Trying to learn to hack on a DOS or Windows machine or under MacOS is
like trying to learn to dance while wearing a body cast" - ESR

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
