I have a box with some virtual machines. One of them has a firewalling function without any natting, like the following scheme.

+--------+
|        |192.168.11.42/30
| guest1 |------------------+
|        |            br11  |
+--------+                  | 192.168.11.41/30   +---------+
                            +--------------------|         |
                                                 | guest3  |
+--------+                  +--------------------| (fw)    |
|        |192.168.11.46/30  | 192.168.11.45/30   +---------+
| guest2 |------------------+                         | 192.168.10.2/30
|        |            br12  |                         hostnet
+--------+

The traffic on br11 and br12 is allowed.

There is a rule to SNAT guest1 to extern-IP-one.
There is a rule to SNAT guest2 to extern-IP-two.
There is a rule to SNAT guest3 to extern-IP-three.

The natting for guest3 works fine. The natting for guest1 and guest2 doesn't work. The packets go to the internet without any natting. They are not dropped.

It looks like the ACCEPT state on br11/br12 is assumed for the handling on the bridge hostnet. I can see the packets at the hostnet, but no prerouting/postrouting like that for the traffic originating from guest3 is done.

The route 192.168.11.0/24 is set for the hostnet via 192.168.10.2.

Perhaps someone can help.

Many thanks
Falk

--
Falk Nisius
Fachbereichsleiter Informatik
------------------------------------------------------------------------
MEDIADESIGN HOCHSCHULE für Design und Informatik - University of Applied Sciences
Lindenstraße 20-25
10969 Berlin
TEL. +49 (0) 30 399 266-22
FAX +49 (0) 30 399 266-15
f.nisius@xxxxxxxxxxxxxxxxx | www.mediadesign.de

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
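Editor's note, added after the message above and not part of the original post or of any reply to it. The symptom (the fw VM's own traffic is SNATed, traffic that the fw VM merely forwards from guest1/guest2 is not, and nothing is dropped) matches one well-known br_netfilter behaviour: when net.bridge.bridge-nf-call-iptables is 1, a packet from guest1 first passes the host's iptables while it is still being *bridged* across br11. Conntrack creates the flow there, the nat table is consulted for that first packet, no POSTROUTING SNAT rule matches because the out-interface is br11 and not the uplink, and a "no NAT" binding is recorded. When the fw VM hands the same packet back on hostnet it is no longer the first packet of a tracked flow, so the SNAT rule on the routed path is never evaluated again. That is the editor's reading of the described setup, not something the post confirms. The script below is an added example: two checks that confirm or rule out this reading, and two ways to fix it. It assumes an uplink named eth0, documentation-range public addresses 203.0.113.1-3, and that the host routes the fw VM's traffic via hostnet; the conntrack sample in the test is constructed.

```shell
#!/bin/sh
# Added example (editor's own, not from the original post). Assumptions that
# are NOT in the post: uplink eth0, public addresses 203.0.113.1-3 (documentation
# range). Set DRY_RUN=1 to print the commands instead of executing them, so the
# script can be inspected without root.

UPLINK=${UPLINK:-eth0}
IP_GUEST1=192.168.11.42
IP_GUEST2=192.168.11.46
IP_GUEST3=192.168.11.45
EXT1=203.0.113.1
EXT2=203.0.113.2
EXT3=203.0.113.3

run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Check 1: are bridged frames handed to iptables at all? If the sysctl is 0
# (or br_netfilter is not loaded and the file is absent) the bridge-first
# conntrack explanation does not apply and the cause is elsewhere.
bridge_nf_enabled() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Check 2: list tracked flows from guest1/guest2 whose reply tuple still
# carries the private address, i.e. flows for which conntrack decided "no
# NAT". In /proc/net/nf_conntrack each line holds the original tuple
# (first src=/dst=) followed by the reply tuple (second src=/dst=); with a
# working SNAT binding the reply dst= is the public address, not the guest.
# Pass a file name to inspect a saved copy of the table.
untracked_snat_flows() {
    table=${1:-/proc/net/nf_conntrack}
    [ -r "$table" ] || { echo "cannot read $table" >&2; return 1; }
    awk -v g1="$IP_GUEST1" -v g2="$IP_GUEST2" '
    {
        n = 0; osrc = ""; rdst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/ && osrc == "") osrc = substr($i, 5)
            if ($i ~ /^dst=/) { n++; if (n == 2) rdst = substr($i, 5) }
        }
        if ((osrc == g1 || osrc == g2) && rdst == osrc) print
    }' "$table"
}

# Fix A (bluntest): keep bridged frames out of iptables and conntrack entirely.
# Only acceptable if the ACCEPT rules on br11/br12 are not actually needed.
fix_disable_bridge_nf() {
    run sysctl -w net.bridge.bridge-nf-call-iptables=0
}

# Fix B: keep bridge-nf on, but exempt frames that are merely bridged across
# br11/br12 from connection tracking. With br_netfilter the bridge device is
# the in-interface seen by the raw PREROUTING hook, so -i br11 matches those
# frames. The first *tracked* sighting of the flow is then the routed one on
# hostnet, where the SNAT rules are evaluated.
fix_notrack_bridged() {
    for br in br11 br12; do
        run iptables -t raw -A PREROUTING -i "$br" -j NOTRACK
    done
}

# The per-guest SNAT rules on the routed path: match the uplink as
# out-interface and the guest as source.
snat_rules() {
    run iptables -t nat -A POSTROUTING -o "$UPLINK" -s "$IP_GUEST1" -j SNAT --to-source "$EXT1"
    run iptables -t nat -A POSTROUTING -o "$UPLINK" -s "$IP_GUEST2" -j SNAT --to-source "$EXT2"
    run iptables -t nat -A POSTROUTING -o "$UPLINK" -s "$IP_GUEST3" -j SNAT --to-source "$EXT3"
}

# Usage: sh bridge-snat.sh check          (run the two checks on the live host)
#        DRY_RUN=1 sh bridge-snat.sh apply (print the fix-B rules)
#        sh bridge-snat.sh apply           (install them; needs root)
case "${1:-}" in
    check) bridge_nf_enabled && echo "bridge-nf-call-iptables=1"; untracked_snat_flows ;;
    apply) fix_notrack_bridged; snat_rules ;;
esac
```

Run `check` first: a flow from 192.168.11.42 listed with the private address in its reply tuple while the sysctl is 1 is the confirming evidence; if the list is empty or the sysctl is already 0, look elsewhere before changing rules. Fix B is preferable to fix A when filter-table ACCEPT rules on the bridges are in use, since it only removes conntrack from the bridged pass and leaves stateless filtering there intact.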