On 4/3/2014 6:00 AM, Bruno Friedmann wrote:
> Dear shorewall users, I'm at a point I need a bit of help on the following
> configuration
>
> A main host directly connected to internet with one physical interface eth0
> use a bridge
> I've setup libvirtd/qemu-kvm on it with one vhost using br0/vnet0
>
> The vm has also a public ipv4 address (see k* config in zip)
>
> I'm using shorewall for a long time now, in 3 interfaces modes or 1 interface
> for years.
> But even after digging in documentation, ml archives or google, it seems I
> miss something.
>
> Can an expert with hawk eyes have a look, and give me feedback about what I've
> built (but does not work as expected)
>
> Summary of what should be working :
> pub/net should only be allowed on specific protocol to fw (main host) or dmz
> (the vm)
> fw and dmz have free access to internet out.
>
> I've certainly lost myself in the different approaches, and finally have chosen
> the wrong one.
>
> At the end I will also have ipv6 (but should be able to adapt the v4 to v6)
>
> Thanks for any pointers, or advice you could offer.

Your Shorewall configuration has eth0 as a port on the bridge. But your
bridge has no eth0 port (in fact, you don't have such a device).

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
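
The mismatch described in the reply can be checked mechanically. The following is an added example, not part of the original thread and not Shorewall's own code: it compares each bridge:port entry in a Shorewall interfaces file with the ports the kernel reports under /sys/class/net/<bridge>/brif. The function name, the overridable sysfs path and the sample interfaces content are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_bridge_ports INTERFACES_FILE [SYSFS_NET_DIR]
# Reports every "bridge:port" entry in a Shorewall interfaces file whose port
# is not attached to that bridge. Returns 0 if all entries match, 1 otherwise.
# Wildcard port names (e.g. "vnet+") are not handled by this sketch.
check_bridge_ports() {
    ifaces_file=$1
    sysfs=${2:-/sys/class/net}   # hypothetical override so the check runs offline
    rc=0
    while read -r zone iface _rest; do
        case $zone in ''|\?*) continue ;; esac      # blank line or ?DIRECTIVE
        case $iface in
            *:*) bridge=${iface%%:*}; port=${iface#*:} ;;
            *)   continue ;;                        # plain interface, no port part
        esac
        if [ ! -d "$sysfs/$bridge/bridge" ]; then
            echo "$zone: $bridge is not a bridge on this host"
            rc=1
        elif [ ! -e "$sysfs/$bridge/brif/$port" ]; then
            echo "$zone: $port is not a port of $bridge; actual ports: $(ls "$sysfs/$bridge/brif" | xargs)"
            rc=1
        fi
    done <<EOF
$(sed 's/#.*//' "$ifaces_file")
EOF
    return $rc
}

# Constructed demo: a fake sysfs tree where br0 holds only vnet0, and a
# constructed interfaces file that names eth0 as a port of br0.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/br0/bridge" "$d/sys/br0/brif/vnet0"
    printf '%s\n' '#ZONE INTERFACE OPTIONS' 'world br0 bridge' \
        'net br0:eth0' 'dmz br0:vnet0' > "$d/interfaces"
    check_bridge_ports "$d/interfaces" "$d/sys"
    status=$?
    rm -rf "$d"
    return $status
}

demo || true
```

On a live host, call check_bridge_ports /etc/shorewall/interfaces with no second argument to read the real bridge membership.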