From mboxrd@z Thu Jan  1 00:00:00 1970
To: pve-devel@lists.proxmox.com
References: <d4c75d3b-88e6-36db-9c05-88254a305d4a@it-functions.nl>
 <1877466395.127.1598159022900@webmail.proxmox.com>
 <292235591.128.1598159408132@webmail.proxmox.com>
 <15c9ed01-6e88-b3c6-6efd-cb5c881904fb@it-functions.nl>
 <9631e68f5947725e8c6cae3494872cf00df18569.camel@junkyard.4t2.com>
From: Stephan Leemburg <sleemburg@it-functions.nl>
Organization: IT Functions
Message-ID: <bd16d600-389b-fc24-df7a-8b05aa7ef6c5@it-functions.nl>
Date: Sun, 23 Aug 2020 18:35:07 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <9631e68f5947725e8c6cae3494872cf00df18569.camel@junkyard.4t2.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: nl
Subject: Re: [pve-devel] More than 10 interfaces in lxc containers

On Sunday, 23.08.2020, at 12:58 +0200, Stephan Leemburg wrote:
>> Good afternoon Dietmar,
>>
>> The reason is separation of client's resources on the machine(s).
>>
>> In firewalling, it is not uncommon to use a lot of VLANs.
>>
>> For example at one of my clients that I do consultancy for, they have
>> more than 60 VLANs defined on their firewall.
> Probably not helping with your original problem, but running (such) a
> firewall in an LXC feels totally wrong to me.
That is not my setup. The customer runs very expensive firewalls and all 
interfaces are VLAN interfaces on top of link aggregations.
>
> Putting the FW in a VM is fine for me, but I surely don't want it to be
> a part of the hosts network stack.

Maybe I should reconsider my thought of migrating from a KVM that runs 
pfSense to a Debian container that runs iptables in the same kernel and 
network stack as the node.

Thanks for your input. I will do some more research and educated thinking.

Best regards,

Stephan

>
> Regards,
>    Tom
>