[fedora-virt] bridge network with iptables running on host?
Gene Czarcinski
gene at czarc.net
Wed Sep 2 17:39:59 UTC 2009
On Wednesday 02 September 2009 13:03:29 Gene Czarcinski wrote:
> I suppose I am going to have to set up some tests and see if I can figure
> out what happens.

OK, I have answered my question to my satisfaction and it appears to work the
way I want it to work -- host still has protection from iptables but guest
does not.

My test:

On host with br0 interface: fire up httpd ... using system-config-firewall,
enable www port ... from another system, access the httpd server on "host"
(accessed) ... using s-c-f, disable www port ... from another system, access
the httpd server on "host" (fails)

On guest running under qemu-kvm and using the br0 interface for its NIC: stop
iptables on guest ... start httpd on guest ... from another system, access
httpd server running on "guest" (works)

So: host is protected by iptables running on the host but guest running under
that same host is not.

Gene