Host network:
vmbr4: Linux bridge on enso1, 34.22.1.1 (public IP)
vmbr102: Linux bridge, 172.17.0.1/24 (private IP)
Shell:
net.ipv4.ip_forward = 1
iptables rule added: iptables -t nat -A POSTROUTING -s 172.17.0.0/24 -o vmbr4 -j MASQUERADE
------------------------------------------
VM on vmbr102, NIC firewall on, IP=172.17.0.13
Firewall rules:
ipfilter = off (default)
out = drop
added: OUT ACCEPT tcp a.a.a.a port 8081
I want the VM to access only port 8081 on a.a.a.a (public IP).
If the NIC firewall is off, it works, but when it is on, it cannot access it.
In the host shell, `tcpdump -v -i vmbr4 port 8081` shows these messages:
If the NIC firewall is off:
34.22.1.1:34333 ==> a.a.a.a:8081 ...........
a.a.a.a:8081 ==> 172.17.0.13:3433.........
34.22.1.1:34333 ==> a.a.a.a:8081 ...........
a.a.a.a:8081 ==> 172.17.0.13:3433.........
...... then it is OK.
If the NIC firewall is on:
172.17.0.13:34334 ==> a.a.a.a:8081 ...........
172.17.0.13:34334 ==> a.a.a.a:8081 ...........
...... then it fails.
How can I do this? Please help me.
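As an added example (not part of the original post or of Proxmox itself), the host-side setup from the post written as a script, together with the conntrack-zone rule that the Proxmox reference manual's masquerading section gives for hosts that run the VM firewall, and a check over `tcpdump -nn -i vmbr4` output that flags packets leaving the public bridge with a private source address, which is exactly what the second capture in the post shows. Interface and subnet names are the post's; 203.0.113.10 is a constructed stand-in for a.a.a.a, the tcpdump sample lines are constructed, and the file name nat.sh is assumed.

```shell
#!/bin/sh
# Added example, not code from the original post. Host NAT for a VM bridge
# plus a check that tells masqueraded egress from leaked private sources.
# 203.0.113.10 below is a constructed stand-in for the post's a.a.a.a.

PUB_IF=vmbr4            # bridge that carries the public IP (34.22.1.1)
VM_NET=172.17.0.0/24    # private VM subnet behind vmbr102

# Install the host rules once (idempotent: -C probes before -A/-I).
# Needs root; only runs when the script is invoked as "sh nat.sh apply".
apply_nat() {
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -C POSTROUTING -s "$VM_NET" -o "$PUB_IF" -j MASQUERADE 2>/dev/null \
        || iptables -t nat -A POSTROUTING -s "$VM_NET" -o "$PUB_IF" -j MASQUERADE
    # With the VM firewall enabled, guest traffic passes through the fwbr+
    # firewall bridges first. The Proxmox reference manual's masquerading
    # section puts that traffic in its own conntrack zone so the MASQUERADE
    # rule above still applies to the outgoing connection.
    iptables -t raw -C PREROUTING -i 'fwbr+' -j CT --zone 1 2>/dev/null \
        || iptables -t raw -I PREROUTING -i 'fwbr+' -j CT --zone 1
}

# Read "tcpdump -nn -i $PUB_IF" lines on stdin and print every packet whose
# source is an RFC 1918 address. On the public bridge that means the packet
# left without being masqueraded. Exit status 1 if any leak was seen, else 0.
masq_leak_check() {
    awk '
        $2 == "IP" {
            src = $3
            sub(/\.[0-9]+:?$/, "", src)        # drop the trailing ".port"
            if (src ~ /^10\./ || src ~ /^192\.168\./ ||
                src ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) {
                print "NOT MASQUERADED: " $0
                leaks++
            }
        }
        END { if (leaks > 0) exit 1; exit 0 }
    '
}

if [ "${1:-}" = "apply" ]; then
    apply_nat
fi
```

Run `sh nat.sh apply` as root to install the rules, then watch the public bridge with `tcpdump -nn -l -i vmbr4 port 8081 | { . ./nat.sh; masq_leak_check; }`. A "NOT MASQUERADED" line means the POSTROUTING rule did not match that packet; `iptables -t nat -L POSTROUTING -v -n` shows whether its packet counter moves while the VM is connecting.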