improve parameter verification

[pve-firewall.git] / README

diff --git a/README b/README
index ae0d7ba0ee96b54d532fe62b126dbacb7a936ce4..7fd313b08d69e500c9a5023a91f749fd4996a9e6 100644 (file)
--- a/README
+++ b/README
@@ -93,23 +93,36 @@ use a veth device which is plugged into the bridge:
 
 ...
 
-auto pvemgmt0
-iface pvemgmt0 inet static
-       address  192.168.10.10
-       netmask  255.255.255.0
-       gateway  192.168.10.1
-       pre-up ip link add name pvemgmt0 type veth peer name pvemgmt0peer
-       pre-up ip link set pvemgmt0peer up
-       pre-down ip link set pvemgmt0peer down
-       post-down ip link del pvemgmt0
-
 auto vmbr0
 iface vmbr0 inet manual
-       bridge_ports pvemgmt0peer eth0
+       bridge_ports bond0
        bridge_stp off
        bridge_fd 0
-       pre-up ifup pvemgmt0
+
+# this create the veth device and plug it into vmbr0
+auto pm0
+iface pm0 inet static
+       address  192.168.10.10
+       netmask  255.255.255.0
+       gateway  192.168.10.1
+       VETH_BRIDGETO vmbr0
+
+auto vmbr1
+iface vmbr1 inet manual
+      bridge_ports none
+      bridge_stp off
+      bridge_fd 0
+
+# setup masqueraded bridge port vmbr1/pm1 using pm0
+# NOTE: this needs kernel 3.10.0 or newer (for conntrack --zone) 
+auto pm1
+iface pm1 inet static
+       address 10.10.10.1
+       netmask 255.255.255.0
+       VETH_BRIDGETO vmbr1
+       VETH_MASQUERADE pm0
 
 ...
 
 --------------------------------
+