From: "Gáspár Lajos" <swifty@freemail.hu>
To: Marc <ccc@lebertbro.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Confusion about filtering traffic in a bridge scenario
Date: Wed, 11 Apr 2012 17:13:52 +0200
Message-ID: <4F859FB0.9070107@freemail.hu>
In-Reply-To: <4F859C03.1080803@lebertbro.com>

Hi Marc,

On 2012-04-11 16:58, Marc wrote:
> Hello,
>
> I was/am trying to set up packet filtering on a virtualisation host and
> couldn't get it to work and was hoping for some pointers.
>
> Here's the setup:
>
> Said host has:
> eth0 - the physical interface, no address assigned
> br0 - the bridge interface, has IP 10.0.0.1 and gateway and default
> route assigned to it
> veth0 - the virtual interface for one of the VMs, has IP 192.168.0.1
>
> Both eth0 and veth0 are added to the bridge, the networking setup is
> functional, however I seem to be unable to filter traffic to the VM with
> iptables. Here's what I've tried:

If I were you, I would set up my network as follows:

Real network
- eth0: IP: 10.0.0.1 Gateway: w.x.y.z

Virtual network
- br0: IP: 192.168.0.254 (this is the "internal" "network" of VMs)
- veth0: IP: 192.168.0.1 Gateway: 192.168.0.254 (a virtual interface of
  a VM)

The VMs would see your host as a gateway... With this setup you can
simply use the FORWARD chain for NAT/filter/etc....

Swifty
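
Added example, not part of the original message or thread: a shell script that generates an iptables-restore ruleset filtering traffic to the VM in the FORWARD chain, for the routed layout proposed above. The interface names and addresses come from the message; the helper name build_ruleset, the allowed TCP ports (22 and 443) and an upstream route to 192.168.0.0/24 via 10.0.0.1 are assumptions.

```sh
#!/bin/sh
# Added example: generate an iptables-restore ruleset for the routed layout
# (eth0 = real network, br0 = gateway of the VM network 192.168.0.0/24).
# Assumption: the upstream router reaches 192.168.0.0/24 via 10.0.0.1 (eth0).
# INPUT and OUTPUT are left at ACCEPT; host-local filtering is out of scope.
WAN_IF=eth0
VM_IF=br0
VM_NET=192.168.0.0/24

# build_ruleset VM_IP [TCP_PORT...]   (hypothetical helper name)
# Prints a filter table in which the host forwards only:
#   - packets of connections that were already accepted,
#   - anything the VM network initiates towards the real network,
#   - new TCP connections from the real network to VM_IP on the listed ports.
build_ruleset() {
    vm_ip=$1
    shift
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $VM_IF -o $WAN_IF -s $VM_NET -j ACCEPT
EOF
    for port in "$@"; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $VM_IF -d $vm_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Ruleset for the VM from the message; ports 22 and 443 are assumed services.
build_ruleset 192.168.0.1 22 443
```

As root, pipe the output to `iptables-restore --test` to have it parsed without being committed. Forwarding between eth0 and br0 also requires net.ipv4.ip_forward=1 on the host.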