Hey,
I run the Untangle firewall as a Kernel-based Virtual Machine with two virtual NICs; its LAN-side interface eth0 is connected to vmbr0 and its WAN-side eth1 to vmbr1. In turn, vmbr0 is connected to the host's physical eth0 port to other LAN-side physical equipment and vmbr1 is connected to my WAN uplink. Simply put, whatever0 is always LAN side and whatever1 is always WAN side. This set-up means all my other KVM and OpenVZ virtual machines have to go through the Untangle firewall to get out on the Internet as they're set to bridge mode using vmbr0.
So be it a KVM or OpenVZ virtual machine the situation is always...
Guest eth0 -> vmbr0 -> Firewall eth0 -> Firewall eth1 -> vmbr1 -> Host's eth1 -> Internet
Or if it is a physical machine...
Physical eth0 -> Host's eth0 -> vmbr0 -> Firewall eth0 -> Firewall eth1 -> vmbr1 -> Host's eth1 -> Internet
Before I put my problem, here is something I've also observed...
The Debian OpenVZ containers I'm making set to vmbr0 (and thus get an eth0 interface) don't have an eth0 interface in /etc/network/interfaces automatically; obviously, because it's bridged, Proxmox VE doesn't know what to write like it would with veth0. However, I feel a sample eth0 section might be worth putting here for future versions; at the very least Proxmox VE can guess the dns-search and dns-nameservers information.
Now for the real problem...
If you set vmbr0 (and thus get an eth0 interface) on an OpenVZ container you can still see veth0. I don't think there's anything to worry about if venet0 got accidentally configured and used instead, as the Proxmox VE host sits on vmbr0 too and thus behind the virtual Untangle firewall as well.
I'd rather the OpenVZ containers use eth0 than venet0 as some crap installs demand an eth0 present, and I'd like venet0 to be hidden (this should be default if you've selected bridge mode) so that only one can be used and also so both don't show up in things like web hosting control panels.
So am I right in saying for my set-up there's no harm in using venet0 even if it does show up, and is there a way of disabling/hiding venet0 when in bridge mode?
Thanks
Steven