On Monday 2011-05-02 11:37, Falk Nisius wrote:

>I have a box with some virtual machines.
>One of them has a firewalling function without any natting,
>like the following scheme.
>
>+--------+
>|        |192.168.11.42/30
>| guest1 |------------------+
>|        |      br11        |
>+--------+                  | 192.168.11.41/30   +---------+
>                            +--------------------|         |
>                                                 | guest3  |
>+--------+                  +--------------------|  (fw)   |
>|        |192.168.11.46/30  | 192.168.11.45/30   +---------+
>| guest2 |------------------+                         | 192.168.10.2/30
>|        |      br12                                  | hostnet
>+--------+
>
>The traffic on the br11 and br12 is allowed.
>There is a rule to SNAT guest1 to extern-IP-one
>There is a rule to SNAT guest2 to extern-IP-two
>There is a rule to SNAT guest3 to extern-IP-three

You will have to post the entire rules, not some fragment,
and in iptables-save -c format.