Network Namespace not working with PVE Firewall

jasminj

Sep 27, 2014
Hello!

In a VM I created a network namespace "ns_twsgw" (IP a.b.c.82, main IP a.b.c.81) with a bridged macvlan (second MAC address on the virtual ETH IF).
I see all the ping packets from the "ns_twsgw" network inside the VM with tcpdump, but I don't see them on the bridge IF (e.g.: fwpr106p0).
I see all the ping packets from the main network inside the VM with tcpdump and I see them all on the bridge IF (e.g.: fwpr106p0).

The setup is working on my private Linux machine (both networks can ping), but it seems the Proxmox firewall is filtering all packets from the "ns_twsgw" network.
I have been debugging this for several days and I think the problem is somehow related to the "PHYSDEV" rules the PVE firewall is creating.

a) Is this a known problem?
b) Does the PVE FW support several MAC addresses on the same virtual ETH IF?
c) How can I solve that?

I added a script to create the "ns_twsgw" namespace, in case someone is interested in how to do that.

BR,
Jasmin
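
One way to reproduce the setup described in this post, added here as an example (it is not the attached script and not Proxmox code). The interface names `eth0` and `mv_twsgw` and the 192.0.2.0/24 addresses are assumptions standing in for the poster's values.

```shell
#!/bin/sh
# Added example, not the poster's attached script.
PARENT_IF="${PARENT_IF:-eth0}"       # assumed name of the VM's virtual NIC
NS="${NS:-ns_twsgw}"                 # namespace name from the post
MV_IF="${MV_IF:-mv_twsgw}"           # assumed macvlan interface name
NS_ADDR="${NS_ADDR:-192.0.2.82/24}"  # constructed placeholder for a.b.c.82
GW="${GW:-192.0.2.1}"                # constructed placeholder gateway

# run: print the command when DRY_RUN=1, otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# setup_ns: create the namespace and move a bridge-mode macvlan into it.
setup_ns() {
    run ip netns add "$NS"
    # The macvlan gets its own MAC address on top of the parent NIC.
    run ip link add link "$PARENT_IF" name "$MV_IF" type macvlan mode bridge
    run ip link set "$MV_IF" netns "$NS"
    run ip -n "$NS" link set lo up
    run ip -n "$NS" link set "$MV_IF" up
    run ip -n "$NS" addr add "$NS_ADDR" dev "$MV_IF"
    run ip -n "$NS" route add default via "$GW"
}

# show_macs: print both source MAC addresses that frames leaving the VM carry.
show_macs() {
    run ip -o link show dev "$PARENT_IF"
    run ip -n "$NS" -o link show dev "$MV_IF"
}

# watch_icmp IFACE: capture pings with link-level headers (-e) so the source
# MAC is visible; run it on the VM NIC and on the host side (e.g. fwpr106p0).
watch_icmp() {
    run tcpdump -e -n -c 5 -i "$1" icmp
}

# Default prints the plan; pass "apply" as first argument to execute as root.
if [ "${1:-plan}" = "apply" ]; then DRY_RUN=0; else DRY_RUN=1; fi
setup_ns
show_macs
```

Comparing the `watch_icmp` output inside the VM with the output on the host-side interface shows which source MAC address stops appearing.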
 
