One further update to this whole thing... If you want to drop ALL traffic BETWEEN containers (where each is using its own interface) it looks something like this (this gets run on the proxmox host):
iptables -A FORWARD -i vmbr150 ! -o vmbr0 -j DROP
This works (and the preceding post I made)...
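As an added example (not the poster's own commands, and not Proxmox's), the single FORWARD rule above generalised to any number of container bridges: each bridge may only forward towards the uplink bridge, return traffic for connections a container opened is accepted first so the DROP never breaks an existing flow, and violations are logged (rate-limited) before being dropped so they show up in the host's kernel log. The bridge names vmbr150 and vmbr151 are assumed for illustration; the fragment is meant to be loaded with `iptables-restore --noflush` so existing chains on the host are left alone.

```shell
#!/bin/sh
# Added example, not code from the thread: isolate container bridges from one
# another on a Proxmox host while still allowing each to reach the uplink.
# Bridge names (vmbr0 uplink, vmbr150/vmbr151 containers) are assumed.

# gen_isolation_rules UPLINK BRIDGE...
# Emit an iptables-restore(8) fragment for the filter table on stdout.
gen_isolation_rules() {
    uplink="$1"
    shift
    printf '%s\n' '*filter'
    printf '%s\n' ':PVE_ISOLATE - [0:0]'
    # Established/related flows are accepted first, so a connection a
    # container legitimately opened towards the uplink keeps working.
    printf '%s\n' '-A PVE_ISOLATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for br in "$@"; do
        # Log (rate-limited, so a noisy container cannot flood the log) and
        # then drop anything entering this bridge that is not leaving via
        # the uplink bridge. The DROP line is the thread's rule, per bridge.
        printf '%s\n' "-A PVE_ISOLATE -i $br ! -o $uplink -m limit --limit 5/min -j LOG --log-prefix \"pve-isolate $br: \""
        printf '%s\n' "-A PVE_ISOLATE -i $br ! -o $uplink -j DROP"
    done
    # Hook the chain at the top of FORWARD so it is evaluated first.
    printf '%s\n' '-I FORWARD 1 -j PVE_ISOLATE'
    printf '%s\n' 'COMMIT'
}

# apply_isolation_rules UPLINK BRIDGE...
# Load the fragment without flushing the chains already present on the host.
# Must be run as root on the Proxmox node; re-running it adds a second jump
# to FORWARD, so delete the old one first if you change the bridge list.
apply_isolation_rules() {
    gen_isolation_rules "$@" | iptables-restore --noflush
}

# count_drop_rules UPLINK BRIDGE...
# Number of DROP rules in the generated fragment (one per container bridge).
count_drop_rules() {
    gen_isolation_rules "$@" | grep -c -- '-j DROP'
}

# Print the ruleset without touching the firewall:  sh isolate.sh --show
if [ "${1:-}" = "--show" ]; then
    gen_isolation_rules vmbr0 vmbr150 vmbr151
fi
```

Check the result with `iptables -S PVE_ISOLATE` and watch for `pve-isolate` lines in `dmesg` or the kernel log while testing cross-container traffic. If the Proxmox firewall service is enabled it manages the FORWARD chain itself, so rules inserted this way may need to be re-applied after it reloads.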
I wrote a long post about this because I found the firewall utterly confusing and +1 for adding more documentation on the Wiki. The wiki seems to indicate that Rules cascade all the way down to containers/vm's and that is definitely not the case.
THANK YOU wbumiller for clarifying that...
Okay, final update I think... and I believe this is solved?
Apparently the trick was to use iptables on the physical host to deny communication between interfaces. So... I ended up doing the following:
1. Going back to my standard NAT'd setup as explained in OP above. So internet access is...
Actually that was utterly incorrect. This issue still isn't solved for me. I thought it was but that was because I had apparently pushed the gateway update to the wrong VM (it wasn't the one I was testing from).
After trying both gateway IP addresses (the public gateway and the 10.150.150.254...
Face Palm....
Had I only read the wiki a little more closely...
https://pve.proxmox.com/wiki/Network_Model#Routed_Configuration
and this:
http://lartc.org/howto/lartc.bridging.proxy-arp.html
I just switched over to using a "routed model" and that accomplished EXACTLY what I wanted...
Sorry...
So here is the setup I have.
A single, public Proxmox server running version 4.1-22.
It has a single NIC with a single public IP. And that is all I can get.
So naturally I am using NAT behind that public IP for my containers.
So on the physical host, Eth0 --> Vmbr0 /w public IP.
In...
The only thing I would add is that I had to reboot my node (not sure why) in order for this to take effect. After I did that it started working. I scratched my head for 30 minutes fiddling about with the config files (the regex checked out when I ran the command to check for matches and the...