Recent content by flav

Re: PROXMOX VE , can we segment servers if some are in another directly connected net Hello, Your question is not verry clear to me but: if you have 2 LANs, 1 HOST with 2 interfaces, you can separate the VMs on one or another LANs. You can even create internals LANs (Bridges) in the HOST that...

Hi, After 24h it appears that the routers lost the route. It is due to restriction in DropBroadcast which was blocking neighbourhood packets before autorisation. This patch has to be applied over my last one: --- Firewall.pm.flav20150404 2015-04-05 17:46:34.000000000 +0200 +++ Firewall.pm...

Hi, After reading RFC4890, I confirm all this kind of packets should not be dropped (read section 4.3.2 and 4.3.3). Regards, Flavius

Hi, I've got troubles using IPv6 with firewall enabled. After different searches I've found that some more ICMPv6 types have to be enabled. After reading post like this : http://pivotallabs.com/configuring-freebsd-9-1-as-an-ipv6-dhcp-client/ and...

Thank you Dietmar.

Just a reminder for the following. The host 1.2.3.4 is in an unsecured 1.2.3.0/24 network. The user controled alias is not taken into account for all the rules. The code without my correction does not reads the local_network alias in enable_host_firewall (it is set by my $localnet =...

Hello, Yes sure... but not all the network belongs to the cluster and local_network alias should be allowed to user control. What I propose is a patch like this in enable_host_firewall: *** Firewall.pm.orig 2015-03-15 11:26:34.000000000 +0100 --- Firewall.pm 2015-03-15 11:44:33.000000000...

Hi, I'm setting up a new Proxmox 3.4 cluster/host with pve-firewall. The firewall has some default rules allowing all the host's local network. That network is public. My host IP is 1.2.3.4 on network 1.2.3.0/24 Here are the rules Chain PVEFW-HOST-IN: RETURN udp -- 1.2.3.0/24...

Hi, Issue solved. Do not need to add any rule in raw table. You just need to add a some firewall rules to allow your VM to access your virtual network. eg from 192.168.0.0/24 to some_internal_IP on ICMP

Hi, Looks somehow better... but still not ok: # iptables -t raw -A POSTROUTING -o tap100i0 -j CT --zone 1 iptables: No chain/target/match by that name.

Hello, This is not working for me. Can some one help ? I'm tring to setup a VM with NAT and ProxmoxVE Firewall. My config is: on the host with ProxMox 3.4-1: Upgraded to kernel 3.10: # uname -a Linux XXXX 3.10.0-7-pve #1 SMP Thu Jan 22 11:20:00 CET 2015 x86_64 GNU/Linux...