Hi,
I'm running APF (iptables front-end) on all my VEs and some HNs. One question... how do I manage connections from a VE to the HN?
I've tried simply adding a rule so that it results in
0 0 ACCEPT tcp -- any any 70.70.70.70 anywhere tcp dpt:ssh
(The IP address of the VE is 70.70.70.70.) It doesn't work because it looks like the packets are not coming from 70.70.70.70, since they go through the venet0 interface. Is there a way to manage this? The only way I found for now is to add 'venet0' to the list of trusted interfaces in apf.conf, but this allows all traffic from the VEs, which is not perfect.
Thanks,
Ugo