As in topic i’m trying to connect from ubuntu-guest to nethserver (NAT) but it’s not working.
libvirt network:
172.18.18.0/24, virbr0 address 172.18.18.1, guest adress 172.18.18.2
I already made:
-add 172.18.18.0/24 to trusted networks
-add rules in GUI
Accept fw > host:172.18.18.2 service|:any
Accept host:172.18.18.2 > fw service any
Is this possible trough webinterface or only with files?
What i’m doing wrong? Any help very appreciated.
@giacomo thank You, it’s working but with little fix (green to loc) and i put this to -custom:
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/interfaces/
echo “loc virbr0 dhcp,nosmurfs,routeback” > /etc/e-smith/templates-custom/etc/shorewall/interfaces/90virt
signal-event firewall-adjust
signal-event nethserver-libvirt-update
Funny that i’ve tried to make this that way but with new zone “virt”:
-virt virbr0 in etc/shorewall/interfaces (with 30custom templaate)
-created new zone in firewall objects GUI
-db networks setprop virt Interface virbr0
-signal-event nethserver-firewall-base-save
-signal-event nethserver-firewall-base-update
-signal-event firewall-adjust
then in GUI
-ACCEPT fw virt any
-ACCEPT virt fw any
but this was not working because of the virt virbr0 in interfaces, the proper line is loc virbr0.
EDIT:
below I put a working scenario:
working connectivity:
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/interfaces/
echo “loc virbr0 dhcp,nosmurfs,routeback” > /etc/e-smith/templates-custom/etc/shorewall/interfaces/90virt
signal-event firewall-adjust
signal-event nethserver-libvirt-update
after creating zone in GUI:
virt eth0 172.18.18.0/24 (eth0 is just example of available interface)
db networks setprop virt Interface virbr0 (change interface to the right one for your VM’s)
signal-event nethserver-firewall-base-save
signal-event nethserver-firewall-base-update
no conectivity to zone/virtual machines (what I wanted to achive - separated zone)
then after ACCEPT rule creation everything works eg.:
ACCEPT fw host_in_virt_zone any
ACCEPT host_in_virt_zone fw any
Thank You a lot for Your help @giacomo . I hope I’m doing this in the right way.?
Also would be great to be able to add virbr0 to green zone from GUI and to create a zone on virbr0. I hope this will help someone who has the same needs as me. Cheers.