Networking problem with firewall and KVM
Serge Hallyn
serge.hallyn at canonical.com
Thu Dec 13 12:11:36 UTC 2012
Quoting Lorenzo Milesi (maxxer at ufficyo.com):
> Hi.
> I've a strange problem with networking and a KVM virtualized pfsense firewall.
>
> My hw host is Ubuntu 12.04 fully updated, with two bridges br0 (LAN) and br1 (WAN).
> pfSense is a KVM guest with the two interfaces in virtio mode.
Can you give more details on the host networking setup?
> When I run pfSense as fw, the host doesn't seem capable of doing tcp connections outside. I can ping any internal and external host, but when I try telnetting 25 or 80 outside it won't work. Every other host in the LAN can surf and make every kind of connection outside and inside, just the host cannot.
This doesn't make sense to me. Let's say eth1 is the WAN nic which is
bridged into br1. Without extra iptables rules, traffic from the host
is going to flow over eth1 without going through the kvm host first,
right?
If you do reject such traffic with iptables rules, then of course
you'd need to add a route table entry for WAN traffic to flow
through the kvm host.
So we really need to see your whole setup.
-serge
More information about the ubuntu-server mailing list