Can't figure out this firewall issue, but I'm sure you can.
CentOS host system, Ubuntu VM.
Shorewall installed on the host. The host has one NIC with multiple IPs:
eth0, eth0:1, eth0:2, eth0:3
eth1 is available but not configured nor used.
The one of interest here is eth0:3 with a static IP. I want to run a conference server (BigBlueButton) on the Ubuntu VM. I set up the VM to bridge eth0 and configured the VM with the static IP that was originally set for eth0:3 on the host.
Brought the network interface down on the host: ifdown-eth0:3
VM can access internet, no problem.
I have my personal IP whitelisted in Shorewall on the host and I can access BigBlueButton no problem; any other IP that tries to access it fires up this log:
... kernel: __ratelimit: 8 callbacks suppressed
... kernel: martian source xxx.xxx.xxx.xxx from xxx.xxx.xxx.xxx, on dev eth0
... kernel: ll header: 00:30:48:94:8b:76:e8:04:62:1c:a9:c0:08:00
... (a few more martian lines go here) ...
(Then:)
... kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=XX.XX.XX.XX DST=XXX.XXX.XXX.XXX LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=25631 DF PROTO=TCP SPT=65013 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Here is what I would like to happen: the VM connects directly to the internet and all requests that come in on the VM's IP address reach the VM. I will have a firewall on the VM.
That VM will be moved to a dedicated server when it's ready, therefore I would like to minimize the pollution on my main FW.
I am very sure I need a DNAT in the Shorewall rules, but all my attempts failed.
I'm confused and obviously have a lack of knowledge and understanding.
Hopefully you can help.
Thanks
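As an added example (not part of the original post), a small parser for the two kinds of kernel log lines quoted above, Shorewall's "Shorewall:chain:disposition:" key=value records and the martian-source warnings, which counts them and singles out FORWARD entries whose IN and OUT interface are the same. The sample log, its timestamps and its addresses are constructed for the example; the hostnames and IPs are placeholders from documentation ranges, not from the post.

```python
import re
from collections import Counter

# Constructed sample log (addresses from documentation ranges, not from the post).
SAMPLE_LOG = """\
Mar  1 10:00:01 host kernel: __ratelimit: 8 callbacks suppressed
Mar  1 10:00:01 host kernel: martian source 203.0.113.20 from 198.51.100.7, on dev eth0
Mar  1 10:00:01 host kernel: ll header: 00:30:48:94:8b:76:e8:04:62:1c:a9:c0:08:00
Mar  1 10:00:02 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=198.51.100.7 DST=203.0.113.20 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=25631 DF PROTO=TCP SPT=65013 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  1 10:00:03 host kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=4444 DPT=22 SYN URGP=0
"""

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:" followed by netfilter's key=value fields.
SHOREWALL_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)")
# The kernel prints the packet's destination address first, then its source address.
MARTIAN_RE = re.compile(r"martian source (?P<dst>\S+) from (?P<src>\S+), on dev (?P<dev>\S+)")


def parse_line(line):
    """Return a dict for a Shorewall or martian-source line, else None."""
    m = SHOREWALL_RE.search(line)
    if m:
        ev = {"kind": "shorewall", "chain": m.group("chain"), "action": m.group("action"), "flags": []}
        for tok in m.group("rest").split():
            if "=" in tok:            # e.g. SRC=..., OUT= (an empty value is legal)
                k, v = tok.split("=", 1)
                ev[k] = v
            else:                     # bare flags such as DF, SYN
                ev["flags"].append(tok)
        return ev
    m = MARTIAN_RE.search(line)
    if m:
        return {"kind": "martian", **m.groupdict()}
    return None


def summarize(lines):
    # Count events per chain:disposition and flag FORWARD entries with IN == OUT: the
    # host's IP stack is routing the packet back out of the interface it arrived on.
    by_chain, martians, hairpin = Counter(), 0, []
    for ev in filter(None, map(parse_line, lines)):
        if ev["kind"] == "martian":
            martians += 1
            continue
        by_chain[f'{ev["chain"]}:{ev["action"]}'] += 1
        if ev["chain"] == "FORWARD" and ev.get("IN") and ev.get("IN") == ev.get("OUT"):
            hairpin.append(ev)
    return {"martians": martians, "by_chain": dict(by_chain), "hairpin": hairpin}
```

Running summarize() over a host's kernel log shows at a glance whether the VM's traffic is taking the host's forwarding path (hairpin FORWARD rejects on eth0) instead of staying on the bridge.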