From: Stephan Leemburg
Organization: IT Functions
To: pve-devel@lists.proxmox.com
Date: Sun, 23 Aug 2020 18:35:07 +0200
Subject: Re: [pve-devel] More than 10 interfaces in lxc containers

On Sunday, 23.08.2020, at 12:58 +0200, Stephan Leemburg wrote:
>> Good afternoon Dietmar,
>>
>> The reason is separation of client's resources on the machine(s).
>>
>> In firewalling, it is not uncommon to use a lot of VLANs.
>>
>> For example at one of my clients that I do consultancy for, they have
>> more than 60 VLANs defined on their firewall.
> probably not helping with your original problem, but running (such) a
> firewall in a LXC feels totally wrong to me.

That is not my setup. The customer runs very expensive firewalls and all interfaces are vlan interfaces on top of link aggregations.

>
> Putting the FW in a VM is fine for me, but I surely don't want it to be
> a part of the host's network stack.

Maybe I should reconsider my thought in migrating from a kvm that runs pfSense to a Debian container that runs iptables in the same kernel and network stack as the node.

Thanks for your input. I will do some more research and educated thinking.

Best regards,
Stephan

>
> Regards,
> Tom