This system (Dom0) has multiple interfaces:
eth0: external
br0: internal - subnet1 (private IP connects to DomU's)
eth3: internal
- subnet2 (private IP)
- subnet3 (public IP)

SuSEfirewall2 configuration
FW_MASQ_NETS= private IP subnets
FW_TRUSTED_NETS= all MY subnets
FW_FORWARD= configured appropriately including subnet2 <--> subnet3

Networking was working pretty much as expected except there was no
communication between subnet2 and subnet3. I assumed this was because
they are on the same interface and routing is -between- interfaces.

/etc/sysconfig/SuSEfirewall2 states:
> ## Type: string
> ## Default:
> #
> # 33.)
> # Bridge interfaces without IP address
> #
> # Traffic on bridge interfaces like the one used by xen appears to
> # enter and leave on the same interface. Add such interfaces here in
> # order to install special permitting rules for them.
> #
> # Format: list of interface names separated by space
> #
> # Note: this option is deprecated, use FW_FORWARD_ALLOW_BRIDGING
> instead
> #
> # Example:
> #

Since FW_FORWARD_ALLOW_BRIDGING was already set to "yes", I resolved
this routing issue by setting FW_FORWARD_ALWAYS_INOUT_DEV="eth3". But
eth3 is not really a bridge and this option is depreciated. Is there
another way to make this work, other than by assigning each subnet to
its own interface, or is this configured correctly?

Kevin Boyle
If you find this post helpful, please click on the star below!
KBOYLE's Profile:
View this thread: