Ok, I am setting up a new dom0 at a colo provider and
usually the colo facility acts as my gateway, but at this new one, the provider
is recommending that I use the server as its own gateway. That unfortunately
doesnt work to well when it comes to iptables and my domU's. IPtables do not
support virtual interfaces, so I can't just white list them unfortunately. I
have tried many different iptable rules, but still can't seem to allow the
guests to have unfiltered access to and from the internet without shutting down
the iptables on the dom0. Obviously thats not an option.
I have tried these two rules, but no difference:
iptables -I INPUT 1 -d 207.xxx.xxx.0/30 -j ACCEPT
iptables -I OUTPUT 1 -s 207.xxx.xxx.0/30 -j ACCEPT
Any recommendations? I am running CentOS as the dom0 and an
hoping to be able to continue to use my CSF firewall script, but at this point,
if I can only get help with iptables, thats fine as well.
Thanks,
Mark
