I'm configuring Shorewall on a server running VMware which is using
bridged interfaces to the virtual machines.
How do I have to set up the rules for the virtual machines, which have their own IP
address on the bridged interface of VMware?

Thank you very much for your help!
Bye.

shacky wrote:
> I'm configuring Shorewall on a server running VMware which is using
> bridged interfaces to the virtual machines.
> How do I have to set up the rules for the virtual machines, which have their own IP
> address on the bridged interface of VMware?

Unless VMware has changed since I last ran it, you can't. When I ran
VMware, its bridging was invisible to the host IP stack. KVM, on the
other hand, uses standard Linux bridges and is easy to integrate with
Shorewall.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

On Wed, Apr 02, 2008 at 10:10:19AM -0700, Tom Eastep wrote:
> shacky wrote:
>> I'm configuring Shorewall on a server running VMware which is using
>> bridged interfaces to the virtual machines.
>> How do I have to set up the rules for the virtual machines, which have their own IP
>> address on the bridged interface of VMware?
>
> Unless VMware has changed since I last ran it, you can't. When I ran
> VMware, its bridging was invisible to the host IP stack. KVM, on the
> other hand, uses standard Linux bridges and is easy to integrate with
> Shorewall.

I could not wring any sense out of the question, but vmware's so-called
"host only" network connection is equivalent to a network card in the
guest and one in the host, connected back to back. From there you
configure the host like any other router.

"Bridged" mode is *by definition* invisible to the host. Its sole
purpose is to bypass the host's network layer and dump frames directly
onto the wire.

(The vmware host application also has a lame "NAT" mode which is "host
only" mode plus a userspace IP proxy running on the host; it sounds
impressive to marketdroids but it's pathetic compared to what linux can
do natively.)
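
Added example, not part of the original thread: a minimal Shorewall setup for the "host only" case described in the last reply, where the host routes and filters guest traffic like any other router. The interface names (eth0 for the uplink, vmnet1 for the host-only network), the 192.168.56.0/24 subnet, and the guest address are assumptions constructed for illustration; bridged-mode guests cannot be filtered this way because their frames never pass through the host's IP stack.

```conf
# /etc/shorewall/shorewall.conf (relevant setting only)
# The host must forward packets between vmnet1 and eth0.
IP_FORWARDING=On

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
vm      ipv4

# /etc/shorewall/interfaces
# vmnet1 is assumed to be the VMware host-only interface on the host.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs
vm      vmnet1      detect

# /etc/shorewall/policy
# Guests may reach the outside; nothing reaches guests or the host
# unless a rule below allows it.
#SOURCE DEST    POLICY  LOG LEVEL
vm      net     ACCEPT
vm      fw      REJECT  info
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/masq
# Guests sit on a private subnet (constructed value), so masquerade
# their outbound traffic behind the host's uplink address.
#INTERFACE  SOURCE
eth0        192.168.56.0/24

# /etc/shorewall/rules
# Publish one guest service: forward TCP/80 arriving on the uplink
# to a guest at a constructed address.
#ACTION  SOURCE  DEST               PROTO  DEST PORT(S)
DNAT     net     vm:192.168.56.10   tcp    80
```

Running `shorewall check` before `shorewall restart` validates the files without touching the running ruleset.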