[Firewall] firewall help with VM

Chris Vavruska vavruska at gmail.com
Tue Aug 27 13:51:25 CEST 2013


Lonnie,

Thanks for your response. It turns out that what I needed to do to get the VM
GuestOS to talk to anything on the br1 network, including the HostOS, was to
add the following:

TRUSTED_IF="br1"

I may eventually make up some rules to lock it down a little better but I
am not so worried about blocking the internal network. I have been running
the current FW in this capacity for 12+ years.

thanks!

Chris


On Tue, Aug 27, 2013 at 1:49 AM, Lonnie Abelbeck
<lists at lonnie.abelbeck.com>wrote:

> Hi Chris,
>
> By design, each interface in INT_IF is isolated from each other, so br1
> and br2 can't pass packets between each other by default.
>
> To allow br1 and br2 to talk to each other, set the variable:
> --
> IF_TRUSTS="br1 br2"
> --
>
> Lonnie
>
>
>
> On Aug 26, 2013, at 7:21 PM, Chris Vavruska wrote:
>
> > I am running a Ubuntu 13.04 machine with the following:
> >
> > 3 interfaces: 1 external (eth0), 2 internal (br1, br2)
> > services: dhcpd, bind, samba, etc.
> > VM running Win7 using the virtio drivers, bridged to br1.
> >
> > Since I installed the firewall I am unable to get anywhere from the VM
> > to the internal network. All other services appear to be working fine,
> > such as
> > I don't yet have the external network connected to anything as I am
> > trying to make sure things work before replacing the current firewall.
> >
> > I de-installed the firewall and everything started working. I
> > reinstalled and again it appears to not be happy.
> >
> > I did a bunch of googling and can't find anything that matches up to
> > what I am doing. Any ideas? I can post whatever config need be.
> >
> >
> ###############################################################################
> > # Internal (LAN) interface settings
>       #
> >
> ###############################################################################
> >
> > # Specify here your internal network (LAN) interface(s). Multiple(!)
> interfaces
> > # should be space separated. Remark this if you don't have any internal
> network
> > # interfaces. Note that by default ALL traffic is accepted from these
> > # interfaces.
> > #
> -----------------------------------------------------------------------------
> > INT_IF="br1 br2"
> >
> > # Specify here the internal IPv4 subnet(s) which is/are connected to the
> > # internal interface(s). For multiple interfaces(!) you can either
> specify
> > # multiple subnets here or specify one big subnet for all internal
> interfaces.
> > # Note that this variable is mainly used for antispoofing.
> > #
> -----------------------------------------------------------------------------
> > INTERNAL_NET="192.168.0.0/16"
> >
> > _______________________________________________
> > Firewall mailing list
> > Firewall at rocky.eld.leidenuniv.nl
> > http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> > Arno's (Linux IPTABLES Firewall) Homepage:
> > http://rocky.eld.leidenuniv.nl
>
>
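The thread above boils down to three settings in the AIF config: INT_IF interfaces are isolated from each other by default, IF_TRUSTS lets the listed internal interfaces forward to each other, and TRUSTED_IF accepts all traffic on an interface (which is what finally let the VM on br1 reach the rest of br1 and the host). The script below is an added example, not part of this thread and not Arno's firewall code: it parses a small constructed firewall.conf fragment and answers "may traffic be forwarded from interface A to interface B?" under exactly that model. The helper names (conf_get, in_list, forward_allowed, forward_verdict) are hypothetical, the treatment of IF_TRUSTS as one space-separated group of mutually trusting interfaces and the denial of same-interface (br1 to br1) forwarding when nothing is trusted are assumptions taken from the symptoms reported here, and the model is no substitute for reading the live rule set with `iptables -L FORWARD -v -n`. Two caveats the thread does not spell out: a VM bridged to br1 talking to other hosts on br1 only passes through the iptables FORWARD chain when br_netfilter is active (net.bridge.bridge-nf-call-iptables=1), which is a plausible reason the bridge traffic was filtered at all; and TRUSTED_IF="br1" is a much broader opening than IF_TRUSTS="br1 br2", since it accepts everything on br1 rather than only forwarding between two named internal interfaces.

```shell
#!/bin/sh
# Added example: model the AIF interface-trust settings discussed in the
# thread. Not AIF's own code; the semantics below are assumptions:
#   - interfaces in INT_IF are isolated from each other by default
#   - IF_TRUSTS="a b" lets the listed internal interfaces forward to each other
#   - TRUSTED_IF="x" accepts all traffic from/to x (host included)
# Always confirm against the live chain: iptables -L FORWARD -v -n

# Constructed sample config (the poster's INT_IF/INTERNAL_NET, nothing trusted).
AIF_CONF=${AIF_CONF:-$(mktemp)}
cat >"$AIF_CONF" <<'EOF'
EXT_IF="eth0"
INT_IF="br1 br2"
INTERNAL_NET="192.168.0.0/16"
IF_TRUSTS=""
TRUSTED_IF=""
EOF

# conf_get FILE VAR: print the value of VAR="..." from FILE (last assignment wins,
# comment lines are ignored because the match is anchored at line start).
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# in_list WORD LIST: exit 0 if WORD is one of the space-separated LIST entries.
in_list() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# forward_allowed FILE IN_IF OUT_IF: exit 0 if the model permits forwarding
# from IN_IF to OUT_IF, 1 otherwise.
forward_allowed() {
    conf=$1; in_if=$2; out_if=$3
    int_if=$(conf_get "$conf" INT_IF)
    trusted=$(conf_get "$conf" TRUSTED_IF)
    trusts=$(conf_get "$conf" IF_TRUSTS)
    # A trusted interface is accepted unconditionally, in either direction.
    if in_list "$in_if" "$trusted" || in_list "$out_if" "$trusted"; then
        return 0
    fi
    # Internal interfaces (including an interface to itself) are isolated
    # unless both ends appear in IF_TRUSTS.
    if in_list "$in_if" "$int_if" && in_list "$out_if" "$int_if"; then
        if in_list "$in_if" "$trusts" && in_list "$out_if" "$trusts"; then
            return 0
        fi
        return 1
    fi
    # Anything involving a non-internal interface (e.g. eth0) is outside
    # this model; treat it as denied rather than guess at NAT/open-port rules.
    return 1
}

# forward_verdict FILE IN_IF OUT_IF: print "allow" or "deny".
forward_verdict() {
    if forward_allowed "$@"; then echo allow; else echo deny; fi
}

# Walk through the thread: the original config, Lonnie's IF_TRUSTS
# suggestion, and Chris's TRUSTED_IF fix. Appending a line overrides the
# earlier assignment because conf_get keeps the last match.
for setting in 'IF_TRUSTS=""' 'IF_TRUSTS="br1 br2"' 'TRUSTED_IF="br1"'; do
    cp "$AIF_CONF" "$AIF_CONF.tmp"
    echo "$setting" >>"$AIF_CONF.tmp"
    printf '%-22s br1->br1:%-6s br1->br2:%-6s br2->br1:%-6s eth0->br1:%s\n' \
        "$setting" \
        "$(forward_verdict "$AIF_CONF.tmp" br1 br1)" \
        "$(forward_verdict "$AIF_CONF.tmp" br1 br2)" \
        "$(forward_verdict "$AIF_CONF.tmp" br2 br1)" \
        "$(forward_verdict "$AIF_CONF.tmp" eth0 br1)"
done
rm -f "$AIF_CONF.tmp"
```

Run it as-is to see the three verdict rows; point AIF_CONF at a real firewall.conf to get the model's view of your own settings. The row for TRUSTED_IF="br1" is the one to notice: it turns every br1 pair to allow, whereas IF_TRUSTS only opens the br1/br2 pair, so if the VM merely needs to reach the other LAN segment, IF_TRUSTS is the narrower change.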