[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [fedora-virt] bridge network with iptables running on host?
- From: Gene Czarcinski <gene czarc net>
- To: fedora-virt redhat com
- Subject: Re: [fedora-virt] bridge network with iptables running on host?
- Date: Wed, 2 Sep 2009 13:39:59 -0400
On Wednesday 02 September 2009 13:03:29 Gene Czarcinski wrote:
> I suppose I am going to have to set up some tests and see if I can figure
> out what happens.
OK, I have answered my question to my satisfaction and it appears to work the
way I want it to work -- host still has protection from iptables but guest
does not.
My test:
On host with br0 interface: fire up httpd ... using system-config-firewall,
enable www port ... from another system, access the httpd server on "host"
(accessed) ... using s-c-f, disable www port ... from another system, access
the httpd server on "host" (fails)
On guest running under qemu-kvm and using the br0 interface for its NIC: stop
iptables on guest ... start httpd on guest ... from another system, access
httpd server running on "guest" (works)
So: host is protected by iptables running on the host but guest running under
that same host is not.
Gene
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]