How to provide a connection from a libvirt guest to NethServer?

As in the topic, I’m trying to connect from an Ubuntu guest to NethServer (NAT), but it’s not working.
libvirt network:
172.18.18.0/24, virbr0 address 172.18.18.1, guest address 172.18.18.2
I have already done:
-add 172.18.18.0/24 to trusted networks
-add rules in GUI
Accept fw > host:172.18.18.2 service:any
Accept host:172.18.18.2 > fw service any

Is this possible through the web interface, or only with files?
What am I doing wrong? Any help is very appreciated.

You can’t do it using the GUI since the virbr0 network won’t show up in the web interface.

The simplest solution is probably adding virbr0 to the green zone:

mkdir -p /etc/e-smith/templates/etc/shorewall/interfaces/
echo "green    virbr0    dhcp,nosmurfs,routeback" > /etc/e-smith/templates/etc/shorewall/interfaces/90virt
signal-event firewall-adjust
signal-event nethserver-libvirtd-update

I never tested it :wink:


@giacomo thank you, it’s working, but with a little fix (green to loc), and I put this in -custom:
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/interfaces/
echo "loc virbr0 dhcp,nosmurfs,routeback" > /etc/e-smith/templates-custom/etc/shorewall/interfaces/90virt
signal-event firewall-adjust
signal-event nethserver-libvirt-update

Funny that I’ve tried to do it that way, but with a new zone “virt”:
-virt virbr0 in etc/shorewall/interfaces (with 30custom template)
-created new zone in firewall objects GUI
-db networks setprop virt Interface virbr0
-signal-event nethserver-firewall-base-save
-signal-event nethserver-firewall-base-update
-signal-event firewall-adjust
then in GUI
-ACCEPT fw virt any
-ACCEPT virt fw any

but this was not working because of the virt virbr0 in interfaces; the proper line is loc virbr0.

EDIT:
Below I put a working scenario:
working connectivity:
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/interfaces/
echo "loc virbr0 dhcp,nosmurfs,routeback" > /etc/e-smith/templates-custom/etc/shorewall/interfaces/90virt
signal-event firewall-adjust
signal-event nethserver-libvirt-update

after creating zone in GUI:
virt eth0 172.18.18.0/24 (eth0 is just an example of an available interface)
db networks setprop virt Interface virbr0 (change interface to the right one for your VMs)
signal-event nethserver-firewall-base-save
signal-event nethserver-firewall-base-update
no connectivity to zone/virtual machines (what I wanted to achieve - a separated zone)
then after ACCEPT rule creation everything works, e.g.:
ACCEPT fw host_in_virt_zone any
ACCEPT host_in_virt_zone fw any

Thank you a lot for your help, @giacomo. I hope I’m doing this the right way?
Also, it would be great to be able to add virbr0 to the green zone from the GUI and to create a zone on virbr0. I hope this will help someone who has the same needs as me. Cheers.

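A pre-flight check related to the green/loc correction in this thread, as an added example that is not part of the original posts: before running signal-event firewall-adjust, it verifies that the zone named in a Shorewall interfaces fragment is declared in the zones file and that no typographic quotes were pasted into the fragment. The function name check_fragment and the file paths passed to it are assumptions.

```shell
# Added example (not from the thread): pre-flight check for a Shorewall
# "interfaces" template fragment. Assumes the standard Shorewall rule that
# column 1 of an interfaces line must be a zone declared in the zones file
# (or "-" for no zone).

# check_fragment ZONES_FILE FRAGMENT_FILE
# Prints one line per problem and returns non-zero if any were found.
check_fragment() {
    zones_file=$1
    fragment=$2
    status=0

    # Typographic quotes or other non-ASCII bytes end up literally in the
    # file when a command is pasted from a rendered web page.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$fragment"; then
        echo "non-ASCII bytes in $fragment (pasted typographic quotes?)"
        status=1
    fi

    awk '
        /^[ \t]*$/ || /^[ \t]*[#?]/ { next }   # blanks, comments, ?directives
        FILENAME == ARGV[1] {                  # zones file: name or name:parent
            split($1, z, ":"); declared[z[1]] = 1; next
        }
        NF < 2 {
            printf "line %d: need ZONE and INTERFACE columns\n", FNR
            bad = 1; next
        }
        $1 != "-" && !($1 in declared) {
            printf "line %d: zone \"%s\" (interface %s) is not declared in zones\n", FNR, $1, $2
            bad = 1
        }
        END { exit bad + 0 }
    ' "$zones_file" "$fragment" || status=1

    return $status
}
```

Run it against the expanded zones file and the fragment under templates-custom; a non-zero return means the fragment should be fixed before signalling the firewall events.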