Shorewall not routing to VM

Gerhard

Guest
Hello all,

I am using my host as a firewall (using Shorewall) in a 3 interface configuration with net (eth0), loc (eth1) and dmz (vmbr0/eth2) zones. I have installed a web server and mail server in two separate KVM virtual machines in the dmz and I have another physical web server running in the loc zone. My problem is that traffic from the internet is not reaching the two servers in the dmz but it is reaching the web server in the loc zone. I have confirmed (with tcpdump) that packets hit eth0 on the host but not the VMs. I am suspecting that the network bridge on eth2 is the problem. My interfaces file looks like this (i.t.o. eth2):

iface eth2 inet manual
auto vmbr0
iface vmbr0 inet static
    address 192.168.2.254
    netmask 255.255.255.0
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0

Am I on the right track suspecting the bridge or is there something else I am missing?

Thanks.
 
It's kind of difficult to make any determination based on the information provided.
It would help if you were to post your /etc/network/interfaces or explain how the Shorewall is configured.

So you have Proxmox at 192.168.2.254 & shorewall's installed to the same Operating environment as Proxmox, not a VM inside?
What do you mean when you say (i.t.o. eth2)?

Seems Shorewall isn't distributing the eth0 to the right places somehow.

I'm not at all an expert with Shorewall, so I can't help much, but there's a tutorial for how that can be configured with Proxmox. There's a special repo to install from and something about only one bridge being supported, so I don't use it, but some people say these articles work.
http://montanalinux.org/proxmox-ve-with-shorewall.html
http://www.montanalinux.org/proxmox-ve-with-shorewall-part2.html
 
Thank you for the reply. There was a problem higher up in my rules file!

FWIW, it seems that there are no specific tricks required to get network bridges to work with Shorewall - they work like any other interface in my experience.
 
