[Firewall] firewall help with VM

Lonnie Abelbeck lists at lonnie.abelbeck.com
Tue Aug 27 03:49:54 CEST 2013


Hi Chris,

By design, each interface in INT_IF is isolated from each other, so br1 and br2 can't pass packets between each other by default.

To allow br1 and br2 to talk to each other, set the variable:
--
IF_TRUSTS="br1 br2"
--

Lonnie



On Aug 26, 2013, at 7:21 PM, Chris Vavruska wrote:

> I am running an Ubuntu 13.04 machine with the following:
> 
> 3 interface: 1 external(eth0) 2 internal(br1 br2)
> services dhcpd, bind, samba..etc
> VM running win7 using the virtio drivers bridged to br1.
> 
> Since I installed the firewall I am unable to get anywhere from the VM to the internal network. All other services appear to be working fine such as 
> I don't yet have the external network connected to anything as I am trying to make sure things work before replacing the current firewall.
> 
> I de-installed the firewall and everything started working. I reinstalled and again it appears to not be happy.
> 
> I did a bunch of googling and can't find anything that matches up to what I am doing. Any ideas?  I can post whatever config need be.
> 
> ###############################################################################
> # Internal (LAN) interface settings                                           #
> ###############################################################################
> 
> # Specify here your internal network (LAN) interface(s). Multiple(!) interfaces
> # should be space separated. Remark this if you don't have any internal network
> # interfaces. Note that by default ALL traffic is accepted from these
> # interfaces.
> # -----------------------------------------------------------------------------
> INT_IF="br1 br2"
> 
> # Specify here the internal IPv4 subnet(s) which is/are connected to the
> # internal interface(s). For multiple interfaces(!) you can either specify
> # multiple subnets here or specify one big subnet for all internal interfaces.
> # Note that this variable is mainly used for antispoofing.
> # -----------------------------------------------------------------------------
> INTERNAL_NET="192.168.0.0/16"
> 