Hello,
I have a server with one NIC connected to a switch with a /24:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.1.24.66
    netmask 255.255.255.192
    gateway 192.1.24.65
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    dns-nameserver 8.8.8.8

So far so good, it works... but I wanted a firewall (shorewall) to filter traffic coming from en0 to my hosts in vmbr0.
The Proxmox host is 192.1.24.66.
The VMs are 192.1.24.67, .68, .69...
I am using an official IP range (this is an example).
Before, I assigned 192.1.24.66 to en1 without success...
I don't want a firewall on each VM, just one global firewall to filter traffic from inet to my VMs.
Any hint?
I could send another range to en1 and change the IP of my host if this helps,
e.g. host 192.1.24.50 /28 with gw 192.1.50.49, but how to route between en1 and the bridge?
Or is this not a good attempt to solve my issue?