[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [fedora-virt] bridge network with iptables running on host?



On Wednesday 02 September 2009 13:03:29 Gene Czarcinski wrote:
> I suppose I am going to have to set up some tests and see if I can figure
> out what happens.

OK, I have answered my question to my satisfaction and it appears to work the 
way I want it to work -- host still has protection from iptables but guest 
does not.

My test:

On host with br0 interface:  fire up httpd ... using system-config-firewall, 
enable www port ... from another system, access the httpd server on "host" 
(accessed) ... using s-c-f, disable www port ... from another system, access 
the httpd server on "host" (fails)

On guest running under qemu-kvm and using the br0 interface for its NIC: stop 
iptables on guest ... start httpd on guest ... from another system, access 
httpd server running on "guest" (works)

So: host is protected by iptables running on the host but guest running under 
that same host is not.

Gene


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]