Proxmox 31 + KVM routing + IP subnet + csf

Question

We have proxmox 3.1 server in netzner with routuing network and IP subnet block. We want to implement csf firewall without interfering the traffic of the KVM VMs, what would be the easiest way?

We readed that we should add this lines to /etc/csf/csfpost.sh:

iptables -A FORWARD -d 144.76.223.155 -j ACCEPT
iptables -A FORWARD -d 144.76.223.156 -j ACCEPT
iptables -A FORWARD -d 144.76.223.157 -j ACCEPT
iptables -A FORWARD -d 144.76.223.158 -j ACCEPT
iptables -A FORWARD -d 144.76.223.159 -j ACCEPT
iptables -A FORWARD -d 144.99.183.323 -j ACCEPT

But when we enable csf the ping breaks, this is the network config (IPs are modified):

auto lo
iface lo inet loopback

# device: eth0
auto  eth0
iface eth0 inet static
  address   144.76.166.100
  netmask   255.255.255.255
  pointopoint   144.76.183.97
  gateway       144.76.183.97

# for single IPs
auto vmbr0
iface vmbr0 inet static
   address   144.76.166.100
   netmask   255.255.255.255
   bridge_ports none
   bridge_stp off
   bridge_fd 0
up ip route add 144.99.183.323/32 dev vmbr0

# for a subnet
auto vmbr1
iface vmbr1 inet static
   address   144.76.166.100
   netmask   255.255.255.248
   bridge_ports none
   bridge_stp off
   bridge_fd 0

Thanks in advanced ! :)

score 1 · Answer 1 · answered Nov 30 '13 at 11:14

1

You can fix this by adding following lines in /etc/csf/csfpost.sh

#!/bin/sh 
/sbin/iptables -F FORWARD
/sbin/iptables -P FORWARD ACCEPT

This solution helps me turn on network acces on KVM VMs.

answered Nov 30 '13 at 11:14

user199549

11
1

Proxmox 31 + KVM routing + IP subnet + csf

1 Answers1