On 04/29/2011 01:15 AM, Tom Eastep wrote:
>
> On Apr 28, 2011, at 3:08 PM, Farkas Levente <[email protected]> wrote:
>
>> hi,
>> i've got a virtual linux host with bridged network with 4 guests: 3 linux
>> and 1 windows. in case of the linux host and the 3 linux guests all have
>> their own shorewall configuration. but in case of the windows guest i
>> can't do this.
>> is it possible to use shorewall to filter only windows guest traffic on
>> the host itself? the host has br0 (as bridge) and vnet0-3 for the guests
>> where vnet3 is the windows guest. in this case how should i define:
>> zones, interfaces, policy? while i'd not like to disturb other guest
>> traffic on the host (i.e. use their own firewall in the guests).
>> thanks in advance.
>> regards.
>
> Yes, it is possible. But before I can give you details, I need to know if the
> box's external interface is also a part of the bridge.

yes. it's one physical ethernet card and running 4 guests (and the host)
while br0 has one valid public ip address.
this is the setup:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.6cf049b9800a       no              eth0
                                                        vnet0
                                                        vnet1
                                                        vnet2
                                                        vnet3

# ifconfig
br0       Link encap:Ethernet  HWaddr 6C:F0:49:B9:80:0A
          inet addr:1.2.3.4  Bcast:1.2.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:78537495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13333536 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7250322026 (6.7 GiB)  TX bytes:58699652446 (54.6 GiB)

eth0      Link encap:Ethernet  HWaddr 6C:F0:49:B9:80:0A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:141686837 errors:0 dropped:0 overruns:0 frame:0
          TX packets:114685992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32429824910 (30.2 GiB)  TX bytes:120019867392 (111.7 GiB)
          Interrupt:35 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:220184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:220184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:316739812 (302.0 MiB)  TX bytes:316739812 (302.0 MiB)

vnet0     Link encap:Ethernet  HWaddr FE:54:00:B5:A9:34
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5623576 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61595953 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:15444682121 (14.3 GiB)  TX bytes:11060142699 (10.3 GiB)

vnet1     Link encap:Ethernet  HWaddr FE:54:00:09:71:2B
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22643389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75916886 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:31250603040 (29.1 GiB)  TX bytes:7726089254 (7.1 GiB)

vnet2     Link encap:Ethernet  HWaddr FE:54:00:1F:F7:5D
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15754986 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67798786 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:11375672734 (10.5 GiB)  TX bytes:15335707117 (14.2 GiB)

vnet3     Link encap:Ethernet  HWaddr FE:54:00:14:E8:B9
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:244377 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3603432 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:20385018 (19.4 MiB)  TX bytes:833931605 (795.2 MiB)

--
Levente "Si vis pacem para bellum!"