Hello,

My Linux setup for years has included lxc containers to isolate services
and programs, with a bridge, shorewall and dnsmasq managing access of the
containers to the host, each other and the outside network (via the host's
NICs). All of the required configurations are ansibled, so it takes
comparatively little time to set all of this up - yet it also implies a
lack of oversight ... which came to bite me.

The bridge has been assigned 192.168.0.1 and the corresponding subnet.

My /etc/shorewall/zones looks like this:

    fw      firewall
    net     ipv4
    dmz     ipv4

The /etc/shorewall/interfaces like so:

    net     enp0s+      dhcp,tcpflags,logmartians,nosmurfs,optional
    net     wlp2s+      dhcp,tcpflags,logmartians,nosmurfs,optional
    dmz     br0         tcpflags,logmartians,nosmurfs,bridge,routeback

The /etc/shorewall/masq like this:

    wlp2s+      192.168.0.0/16

When entering a new subnet and setting up a fresh machine, I failed to
recognize that the subnet used was actually 192.168.0.0 and, with the above
setup, managed to involuntarily interfere with the routing outside of my
machine.

The main question here is: is there anything beyond paying attention to the
subnets used that either I (in my configuration) or the local admin (in his
setup) could have done to prevent the interference?

Am I correct in the assumption that correctly adding
"enp20s+ 192.168.0.0/16" to the masq file (it was unfortunately an enp*
interface I used) would have prevented much of the issue?

Thank you for any insight into this.
Sincerely, Joh
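
A pre-flight check for the collision described above, as an added example that is not part of the original post: it compares the bridge subnet and the masq source range with the subnets on the other interfaces. The sample `ip -o -4 addr show` output is constructed, the /24 prefix lengths and the interface name enp0s25 are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output (not from the original post).
# The /24 prefix lengths are assumptions; the post gives only the addresses.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: enp0s25    inet 192.168.0.57/24 brd 192.168.0.255 scope global dynamic enp0s25
4: br0    inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
"""

MASQ_SOURCE = "192.168.0.0/16"  # source column of the masq file in the post
BRIDGE = "br0"                  # container bridge from the interfaces file


def parse_networks(ip_output):
    """Map interface name -> list of IPv4 networks from `ip -o -4 addr show` text."""
    nets = {}
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue
        network = ipaddress.ip_interface(fields[3]).network
        nets.setdefault(fields[1], []).append(network)
    return nets


def find_conflicts(nets, bridge=BRIDGE, masq_source=MASQ_SOURCE):
    """List overlaps between uplink subnets and the bridge subnet / masq source."""
    masq = ipaddress.ip_network(masq_source)
    bridge_nets = nets.get(bridge, [])
    problems = []
    for iface, networks in nets.items():
        if iface in (bridge, "lo"):
            continue
        for net in networks:
            for bnet in bridge_nets:
                if net.overlaps(bnet):
                    problems.append(f"{iface} {net} overlaps {bridge} {bnet}")
            if net.overlaps(masq):
                problems.append(f"{iface} {net} overlaps masq source {masq}")
    return problems


if __name__ == "__main__":
    # On a real host, feed in the live output of `ip -o -4 addr show` instead.
    for problem in find_conflicts(parse_networks(SAMPLE_IP_ADDR)):
        print("CONFLICT:", problem)
```

Run from the Ansible play or a boot-time hook before shorewall starts, a non-empty result is a reason to stop and pick a different container subnet.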