From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 10 Mar 2014 09:12:03 +0000 (+0100)
Subject: add documentation for masqueraded setup
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=cdf17f8459f2a96d595beb6e40102d6ac24ecbab;hp=97156ecc4a3061c92ae9613a9e7d543bcd39d8e8

add documentation for masqueraded setup
---

diff --git a/README b/README
index 2f0840d..23c350f 100644
--- a/README
+++ b/README
@@ -107,6 +107,24 @@ iface pm0 inet static
 	gateway  192.168.10.1
 	VETH_BRIDGETO vmbr0
 
+auto vmbr1
+iface vmbr1 inet manual
+      bridge_ports none
+      bridge_stp off
+      bridge_fd 0
+
+# setup masqueraded bridge port vmbr1/pm1
+auto pm1
+iface pm1 inet static
+       address 10.10.10.1
+       netmask 255.255.255.0
+       VETH_BRIDGETO vmbr1
+       post-up   iptables -t raw -A PREROUTING -s '10.10.10.0/24' -i vmbr1 -j CT --zone 1
+       post-up   iptables -t raw -A PREROUTING -d '10.10.10.0/24' -i vmbr1 -j CT --zone 1
+       post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o pm0 -j MASQUERADE
+       post-down iptables -t nat -F POSTROUTING
+       post-down iptables -t raw -F PREROUTING
+
 ...
 
 --------------------------------