Shorewall firewall no vmbr bridges needed ?
I use some time Shorewall firewall. And i noticed
that it works perfect with Proxmox 2.0
Shorewall can do perfect Dnat and accept destination zone and ports.
I did work a while with vmbr bridge and had a vmbr1 direct routed to vm's WAN adress (vmbr1)
and vmbr0 routed to LAN network inside Proxmox (10.0.1.x) vmbr0
I did start to notice that if i do not use vmbr bridges
and just use Shorewall to direct route IP address to my Proxmox host
this works also ? So then is the Shorewall is a network router firewall
on top of Proxmox 2.0 which i installed myself seems to work perfectly.
Because a bridge is like a physical switch on Proxmox. Then looks if firewall
can do the same and bridge is not needed.
My eth0 is not really bridged but extra IP adresses i have routed to my Proxmox host.
Seems to work perfect. So guess i am not really bridging like this.
I have my bridge off like this:
bridge_ports none
bridge_stp off
bridge_fd 0
Mmmh works perfectly.
I use some time Shorewall firewall. And i noticed
that it works perfect with Proxmox 2.0
Shorewall can do perfect Dnat and accept destination zone and ports.
I did work a while with vmbr bridge and had a vmbr1 direct routed to vm's WAN adress (vmbr1)
and vmbr0 routed to LAN network inside Proxmox (10.0.1.x) vmbr0
I did start to notice that if i do not use vmbr bridges
and just use Shorewall to direct route IP address to my Proxmox host
this works also ? So then is the Shorewall is a network router firewall
on top of Proxmox 2.0 which i installed myself seems to work perfectly.
Because a bridge is like a physical switch on Proxmox. Then looks if firewall
can do the same and bridge is not needed.
My eth0 is not really bridged but extra IP adresses i have routed to my Proxmox host.
Seems to work perfect. So guess i am not really bridging like this.
I have my bridge off like this:
bridge_ports none
bridge_stp off
bridge_fd 0
Mmmh works perfectly.