From: Syloe T. <sy...@gm...> - 2006-07-21 11:36:57
Hello all,

I installed Shorewall 3.0.8 on CentOS 4.3 with the openvz.org kernel, and it works well. I have 3 virtual servers (VPS) on this host. I can access the Internet from a VPS, and with a NAT rule (via Shorewall) I can access the 3 VPS from the Internet.

I want all 3 VPS to be able to communicate with each other. I can't make a TCP connection from one VPS to another; in my Shorewall log on the host, I have this error:

    kernel: Shorewall:FORWARD:REJECT:IN=venet0 OUT=venet0 SRC=192.168.7.185 DST=192.168.7.152 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48986 DF PROTO=TCP SPT=47559 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0

I have this in my default policy (my host is fw; venet is the virtual network card for the VPS networking):

    net     all     DROP    info
    fw      all     ACCEPT
    loc     all     ACCEPT
    loc     venet   ACCEPT
    # venet all     ACCEPT
    all     all     REJECT  info

And it doesn't work. But if I replace the last line with

    all     all     ACCEPT

it works, but this rule is very permissive. I tried many combinations ... no good result!

Perhaps the problem is that venet0 isn't a real Ethernet interface? So we can't do this simply ...

Does somebody here have the solution?

Thanks in advance