Firewall on Proxmox. What is vmtab{vmid}i3

[nibir]

Hello
Sorry for my English.

I have a problem with the firewall on proxmox
Install a good firewall (a wrapper around iptables) Shorewall, as told here:
http://www.myatus.co.uk/2009/08/31/guide-firewall-and-router-with-proxmox/

Everything works fine except dmz network.
On my image be seen:
1) multiple virtual machines are included in a bridge
2) bridge is configured as follows:
auto vmbr3
iface vmbr3 inet static
address 10.0.0.1
netmask 255.0.0.0
broadcast 10.255.255.255
network 10.0.0.0
bridge_ports none
bridge_stp off
bridge_fd 0
3) Traffic must go - is shown in gray
4) Traffic is going - is shown in red
5) firewall blocks traffic - is shown in yellow


6) In the logs all confirmed: Traffic from the bridge is in what is incomprehensible vmtab


Aug 19 23:06:03 proxmox kernel: Shorewall: INPUT: REJECT: IN = vmbr3 OUT = PHYSIN = vmtab101i3 MAC = 8e: 6d: b8: 40: d2: d2: c6: 2c: d0: 4f: 90:32: 08:00 SRC = 10.0.0.101 DST = 10.0.0.1 LEN = 60 TOS = 0x00 PREC = 0x00 TTL = 128 ID = 641 PROTO = ICMP TYPE = 8 CODE = 0 ID = 512 SEQ = 26624

How do I order these vmtab not created? Or how can I let the traffic in such a case?

 

[nibir]

I understand that this virtual network interfaces - this is as ports in the switches. But why do they need? How to make sure that they are not created?

 

[l.mierzwa]

Tap interface is used by kvm, see http://blog.alantan.com/2007/01/qemu-tap-bridge-network-configuration.html

 

[sircolin]

nibir

have you had a look over at the http://www.montanalinux.org/proxmox-ve-with-shorewall.html

there is a nice firewall setup there using shorewall4 which i found more understandable.

 

[nibir]

sircolin
Thank you very much!
My problem is "routeback"
I saw this word 2 days ago in my tutorial (url in my first post), and i think this rule for additional security and i not wrote it in the "interfaces" file.

l.mierzwa
Thanks for intresting information.

All my nets worked true! Thanks everybody. Closed.